[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: WS-Security Signing Standards
Thanks Jeff – I assume it is therefore advisable to reference the XML Namespaces to confirm the validity of the current WSS standard rather than the standard
itself? -- Rob Mason From: Krug, Jeff [mailto:Jeff.Krug@gtri.gatech.edu]
XML-DSIG has been updated given the concerns related to SHA1 that have arisen in the last 6+ years, where it's basically considered to be obsolete now (for security related purposes), but there
are dozens if not hundreds of older specs that reference / rely on XML-DSIG that have not been updated, so they are just out of date with regards to the recommended algorithms to use. From: Mason Rob (HOB) <RobertNeil.Mason3@homeoffice.gsi.gov.uk> Good Morning, I am writing on behalf of my project team regarding a possible discrepancy in the published WS-Security standards: Section 6 defines RSAwithSHA1 as the required signing standard. The XML Namespace referred by WSS (XML namespace defined at
http://www.w3.org/TR/xmldsig-core1/#sec-Algorithms) requires RSA-SHA256 and discourages RSA-SHA1. Is this a known contradiction within the current standard definitions? Thanks -- Rob Mason ********************************************************************** ********************************************************************** **********************************************************************
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]