

Subject: Re: [wss-dev] Support for modern security algorithms in WS-Security (resend, type)





Dear all,

The WS-BRSP TC is discussing the references to/recommendations for SHA-1
in the BSP,  and is considering a number of options.  One of these
options is to update the BSP and change the recommendations to reference
algorithms consistent with current recommendations from
security/cryptography experts e.g. to SHA-256 for hashing and RSA-SHA256
for signing.

https://lists.oasis-open.org/archives/ws-brsp/201405/msg00007.html

In this context it is relevant to know whether existing Web Services
stacks have been tested for interoperability using these algorithms, or
whether new test runs for BSP would be needed to verify the
interoperability of implementations using these algorithms.  A customer
project I am involved in is looking at interoperability testing of a
profile of AS4 (a separate OASIS Standard that uses WS-Security) that uses
SHA-256 and RSA-SHA256, and so far this seems to work for the participating
products.   But more evidence from multiple products would be
appreciated.    Some other references below and in:

https://lists.oasis-open.org/archives/ws-brsp/201405/msg00002.html

If you have any information, comments or suggestions,  please contact me
(via the list,  or directly by email).
Message will be cross-posted to some lists,  apologies for duplicates.

Kind Regards,

Pim van der Eijk


On 11/17/2013 02:24 PM, Pim van der Eijk wrote:

Hi Frederick and others,

For those interested in this:

WS-Security is typically configured using WS-SecurityPolicy:
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/v1.3/os/ws-securitypolicy-1.3-spec-os.html


WS-SecurityPolicy supports SHA256 but apparently it does so only for
digests.   For signature,  RSA-SHA1 is hardwired and it is not
possible to switch to RSA-SHA256 ..
https://access.redhat.com/site/documentation/en-US/JBoss_Fuse/6.0/html/Web_Services_Security_Guide/files/MsgProtect-SOAP-SpecifyAlgorithmSuite.html

http://cxf.547215.n5.nabble.com/CXF-Security-policy-signature-method-td5732250.html


An interoperability issue between .NET and Websphere:
http://www.fokkog.com/2011/01/ws-security-interoperability-issue.html

Some vendors are adding support for signing with RSA-SHA2, here is
information for two products:
http://publib.boulder.ibm.com/infocenter/ieduasst/v1r1m0/topic/com.ibm.iea.was_v8/was/8.0.0.4/Security/WAS8004_Support_SHA_Algorithms.pdf

http://pic.dhe.ibm.com/infocenter/wasinfo/v8r5/index.jsp?topic=%2Fcom.ibm.websphere.wlp.express.doc%2Fae%2Fcwlp_wssec_defaultconfig.html


https://blogs.oracle.com/gfsecurity/entry/what_s_new_in_metro
https://blogs.oracle.com/SureshMandalapu/entry/support_of_rsa_sha256_and

I note you also had a similar discussion in June on SP not being up to
date with XML Sig/Enc:
https://lists.oasis-open.org/archives/ws-sx/201306/maillist.html

Pim



On 11/14/2013 04:57 PM, Frederick.Hirsch@nokia.com wrote:
Pim

  Perhaps others on the list can speak to implementations.

I can say that we completed interop on XML Signature 1.1 [1]
demonstrating interoperability; that said, companies often have many
products and version changes so you should check with vendors
regarding product information.
I'm not up to date on the status and evolution of WSS products (if
you learn anything and can share I'd be curious)

This latest news is also probably relevant:

"Hoping to avert “collision” with disaster, Microsoft retires SHA1
After 2016, Microsoft will stop accepting the collision-prone crypto
algorithm"

http://arstechnica.com/security/2013/11/hoping-to-avert-collision-with-disaster-microsoft-retires-sha1/


regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG

[1] see http://www.w3.org/TR/2012/NOTE-xmldsig-core1-interop-20121113/

On Nov 14, 2013, at 10:47 AM, ext Pim van der Eijk wrote:


Hello Frederick,

Thanks for confirming this.   Hopefully the OASIS BRSP BSP can still
be updated to reference the current versions and recommendations.

From your experience,  is XML Security 1.1 (and therefore newer
algorithms like SHA-256) supported well (and interoperably) in
commercial and open source Web Services security toolkits and products?

Kind Regards,

Pim

On 11/14/2013 04:14 PM, Frederick.Hirsch@nokia.com wrote:
Pim

resend, fixed typo, "now both recommendations"


XML Security 1.1 has updated algorithm information;

http://www.w3.org/TR/2013/REC-xmldsig-core1-20130411/

http://www.w3.org/TR/2013/REC-xmlenc-core1-20130411/

SHA-256 is REQUIRED in XML Signature 1.1;  SHA-1 required but use
is discouraged.

"Note: Use of SHA-256 is strongly recommended over SHA-1 because
recent advances in cryptanalysis (see e.g. [SHA-1-Analysis],
[SHA-1-Collisions] ) have cast doubt on the long-term collision
resistance of SHA-1."


XML Signature Best Practices has updated information on threats,
countermeasures and algorithms that might be useful as well:

http://www.w3.org/TR/2013/NOTE-xmldsig-bestpractices-20130411/


It seems WSS references XML Signature  from 2002 which is 2
versions behind (2nd Edition and 1.1 are now both Recommendations
and incorporate algorithm updates, security updates, clarifications
see [1] ).

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG

[1] http://www.w3.org/TR/2013/NOTE-xmldsig-core1-explain-20130411/
for 1.1

and
http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/explain.html
for 2nd edition

On Nov 14, 2013, at 4:32 AM, ext Pim van der Eijk wrote:


Hello,

I am working on a project where WS-Security is being proposed.
Security experts have pointed to some guideline documents that
mention more modern security algorithms than are recommended in
the BSP and in some other Web Services-related guidelines I have
seen.

Do WS-Security toolkits and vendor products these days commonly
support these newer algorithms like SHA-256,  so can a community
therefore mandate them, or are most toolkits still limited to
SHA-1 and would mandating SHA-256 create interoperability problems?

Kind Regards,

Pim van der Eijk


-------- Original Message --------
Subject:    [ws-brsp] BSP: SHA1 Preferred ?
Date:    Wed, 13 Nov 2013 19:14:18 +0100
From:    Pim van der Eijk <pvde@sonnenglanz.net>
To:    ws-brsp@lists.oasis-open.org


Hello,

My first question on this list,  sorry for not having had time for
this TC before.

http://docs.oasis-open.org/ws-brsp/BasicSecurityProfile/v1.1/csprd01/BasicSecurityProfile-v1.1-csprd01.html#_Toc364859639


9.6.1  SHA-1 Preferred

The SHA-1 Digest algorithm is widely-implemented and interoperable
hence the recommendation that it be used for signature digests.
R5420 Any DIGEST_METHOD Algorithm attribute SHOULD have the value
"http://www.w3.org/2000/09/xmldsig#sha1".


While interoperable, there are concerns that SHA-1 is no longer
secure. Current guidelines no longer recommend SHA-1 but
instead recommend moving to SHA-256 or higher:

http://www.w3.org/TR/2013/REC-xmldsig-core1-20130411/#sec-MessageDigests

"This specification defines several possible digest algorithms for
the DigestMethod element, including REQUIRED algorithm SHA-256.
Use of SHA-256 is strongly recommended over SHA-1 because recent
advances in cryptanalysis (see e.g. [SHA-1-Analysis]) have cast
doubt on the long-term collision resistance of SHA-1. Therefore,
SHA-1 support is REQUIRED in this specification only for
backwards-compatibility reasons."

http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report

"SHA-1 as a hash function only for legacy applications"

http://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml
"FIPS PUB 180-4 (using SHA-256 and SHA-384)"

Shouldn't the BSP make recommendations consistent with current
security recommendations?

Kind Regards,

Pim van der Eijk
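
Added example, not part of the thread or of any poster's message: a small audit that lists the SignatureMethod and DigestMethod Algorithm URIs in a WS-Security message and flags the SHA-1 ones, such as the value R5420 recommends. The function names, the verdict labels and the sample envelope are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
# SHA-1 based algorithm identifiers (legacy per XML Signature 1.1).
LEGACY = {DS + "sha1", DS + "rsa-sha1", DS + "dsa-sha1", DS + "hmac-sha1"}
# SHA-256-or-stronger identifiers defined for XML Signature 1.1.
MODERN = {
    "http://www.w3.org/2001/04/xmlenc#sha256",
    "http://www.w3.org/2001/04/xmldsig-more#sha384",
    "http://www.w3.org/2001/04/xmlenc#sha512",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
}

def classify(uri):
    """Map an Algorithm URI to 'legacy-sha1', 'ok' or 'unknown'."""
    if uri in LEGACY:
        return "legacy-sha1"
    return "ok" if uri in MODERN else "unknown"

def audit_signature_algorithms(xml_text):
    """List (element, Reference URI, Algorithm, verdict) for every ds:Signature."""
    findings = []
    # Trusted sample only; parse untrusted messages with a hardened XML parser.
    for sig in ET.fromstring(xml_text).iter("{%s}Signature" % DS):
        for sm in sig.iter("{%s}SignatureMethod" % DS):
            alg = sm.get("Algorithm", "")
            findings.append(("SignatureMethod", None, alg, classify(alg)))
        for ref in sig.iter("{%s}Reference" % DS):
            dm = ref.find("{%s}DigestMethod" % DS)
            alg = dm.get("Algorithm", "") if dm is not None else ""
            findings.append(("DigestMethod", ref.get("URI"), alg, classify(alg)))
    return findings

# Constructed sample: a WS-Security header signed with RSA-SHA1, one SHA-1
# digest and one SHA-256 digest (signature and digest values omitted).
SAMPLE = """<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
 xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><soap:Header><wsse:Security>
 <ds:Signature><ds:SignedInfo>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference URI="#body"><ds:DigestMethod
     Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/></ds:Reference>
  <ds:Reference URI="#timestamp"><ds:DigestMethod
     Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/></ds:Reference>
 </ds:SignedInfo></ds:Signature></wsse:Security></soap:Header>
 <soap:Body/></soap:Envelope>"""

if __name__ == "__main__":
    for row in audit_signature_algorithms(SAMPLE):
        print(row)
```

Running such a check over captured messages from each participating product shows which stacks still emit SHA-1 identifiers before a profile mandates SHA-256.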












