ebxml-msg message

Subject: Re: [ebxml-msg] security problem with ebXML MS


The security section of the ebMS spec takes great pains to
describe the many issues surrounding security and messaging.
The ebXML Architecture Security spec takes this even further.

The ebMS spec describes integrity, confidentiality and
authentication as having both persistent
and transient aspects, with the persistent aspect being
addressed by means of the digital signing of the "message"
using XML Signatures and the persistent confidentiality
of any payload by means of S/MIME. We state that XML Encryption
will be considered once it becomes a W3C Recommendation.

Transient security mechanisms (on-the-wire confidentiality,
integrity and authentication) by means of technologies such as
SSL, TLS or IPSEC can be used as countermeasures for MITM
attacks, especially when combined with the persistent mechanisms.

Because certain portions of the message are meant to be mutable,
it is not possible to apply a persistent signature over the entire stream
unless it is known that the message will never (need to) be changed.
If intermediaries are not involved, then it is possible to ensure
message integrity by means of transient mechanisms between
the two adjacent nodes, providing an assurance that the message
has not been tampered with by a MITM.



James M Galvin wrote:

> There is a security problem with ebXML MS that is not addressed by the
> assertion to just use XML Digital Signature and XML Encryption (or
> S/MIME).
>
> The problem is the MIME headers that are used to label the payloads are
> not protected.  This is an issue because implementations will dispatch
> payloads according to values found in these headers.  Without protection
> a man-in-the-middle could change these headers resulting in unintended
> actions being taken by implementations.
>
> It is not the responsibility of the individual XML security
> specifications to address this issue.  Those specifications correctly
> accept arbitrary data streams with control information and generate
> appropriate output.
>
> This issue is about what is protected and how implementations prepare
> the data stream for the application and validation/removal of the
> security services.
>
> Specifically, the ebXML Message Specification needs to specify how the
> MIME headers are to be canonicalized and included in the data stream for
> both the application of a signature and the application of encryption.
> In addition, the specification needs to specify how the headers are
> recovered for use by the MSH after the encryption is removed and the
> signature is validated.
>
> Jim
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>
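
The gap described in the quoted message, as an added example that is not part of the original thread or of the ebMS specification: a digest over the payload bytes alone does not change when the MIME labels change, while a digest over canonicalized headers plus payload does. The protected header set, the canonical form and the sample parts are assumptions constructed for illustration, and a plain SHA-256 digest stands in for the signed value.

```python
import hashlib

# Assumption: the headers an MSH would dispatch on. The thread names no list.
PROTECTED = ("content-id", "content-transfer-encoding", "content-type")

def split_part(raw: bytes):
    """Split one MIME part into ({lowercased name: normalized value}, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    # Unfold continuation lines (CRLF followed by tab or space) first.
    unfolded = head.replace(b"\r\n\t", b" ").replace(b"\r\n ", b" ")
    headers = {}
    for line in unfolded.split(b"\r\n"):
        name, _, value = line.partition(b":")
        # Collapse runs of whitespace so folding does not affect the digest.
        headers[name.strip().lower().decode("ascii")] = b" ".join(value.split())
    return headers, body

def canonical_headers(headers) -> bytes:
    """Hypothetical canonical form: fixed order, lowercase names, one per line."""
    lines = [n.encode() + b":" + headers[n] for n in PROTECTED if n in headers]
    return b"\r\n".join(lines) + b"\r\n\r\n"

def digest_body_only(raw: bytes) -> str:
    """What is covered when only the payload content is digested."""
    return hashlib.sha256(split_part(raw)[1]).hexdigest()

def digest_headers_and_body(raw: bytes) -> str:
    """Covers the dispatch labels as well as the payload."""
    headers, body = split_part(raw)
    return hashlib.sha256(canonical_headers(headers) + body).hexdigest()

# Constructed sample payload part and two variants of it.
BODY = b"<PurchaseOrder><Total>100.00</Total></PurchaseOrder>\r\n"
ORIGINAL = (b"Content-ID: <po-1@example.com>\r\n"
            b"Content-Type: application/xml; charset=utf-8\r\n\r\n" + BODY)
# Same payload bytes, label changed in transit.
RELABELED = (b"Content-ID: <po-1@example.com>\r\n"
             b"Content-Type: application/x-other\r\n\r\n" + BODY)
# Same labels, re-folded and re-cased by a benign gateway.
REFOLDED = (b"content-type: application/xml;\r\n\tcharset=utf-8\r\n"
            b"CONTENT-ID:   <po-1@example.com>\r\n\r\n" + BODY)

if __name__ == "__main__":
    for label, part in (("relabeled", RELABELED), ("refolded", REFOLDED)):
        print(label,
              "body-only match:", digest_body_only(part) == digest_body_only(ORIGINAL),
              "headers+body match:",
              digest_headers_and_body(part) == digest_headers_and_body(ORIGINAL))
```

The receiving side would recompute the canonical header block from the part it actually received and dispatch only on header values that verified.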
