Subject: Re: [ebxml-msg] security problem with ebXML MS
Jim,

The security section of the ebMS spec takes great pains to describe the many issues surrounding security and messaging. The ebXML Architecture Security spec takes this even further.

The ebMS spec describes integrity, confidentiality and authentication as having both persistent and transient aspects, with the persistent aspect being addressed by means of the digital signing of the "message" using XML Signatures and the persistent confidentiality of any payload by means of S/MIME. We state that XML Encryption will be considered once it becomes a W3C Recommendation.

Transient security mechanisms (on-the-wire confidentiality, integrity and authentication) by means of technologies such as SSL, TLS or IPSEC can be used as countermeasures for MITM attacks, especially when combined with the persistent mechanisms described.

Because certain portions of the message are meant to be mutable it is not possible to apply a persistent signature over the entire stream unless it is known that the message will never (need to) be changed. If intermediaries are not involved, then it is possible to ensure message integrity by means of transient mechanisms between the two adjacent nodes providing an assurance that the message has not been tampered with by a MITM.

HTH,

Chris

James M Galvin wrote:

> There is a security problem with ebXML MS that is not addressed by the
> assertion to just use XML Digital Signature and XML Encryption (or
> S/MIME).
>
> The problem is the MIME headers that are used to label the payloads are
> not protected. This is an issue because implementations will dispatch
> payloads according to values found in these headers. Without protection
> a man-in-the-middle could change these headers resulting in unintended
> actions being taken by implementations.
>
> It is not the responsibility of the individual XML security
> specifications to address this issue. Those specifications correctly
> accept arbitrary data streams with control information and generate
> appropriate output.
>
> This issue is about what is protected and how implementations prepare
> the data stream for the application and validation/removal of the
> security services.
>
> Specifically, the ebXML Message Specification needs to specify how the
> MIME headers are to be canonicalized and included in the data stream for
> both the application of a signature and the application of encryption.
> In addition, the specification needs to specify how the headers are
> recovered for use by the MSH after the encryption is removed and the
> signature is validated.
>
> Jim
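The coverage gap discussed in this thread, as an added example that is not part of the original messages or of the ebMS specification: an integrity tag computed over a payload body alone is compared with one that also covers a canonical form of the part's MIME headers. HMAC-SHA256 stands in for the XML Signature, and the canonicalization rule, key, function names and sample part are all assumptions constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed; stands in for the signer's key material


def canonicalize_headers(headers):
    """Hypothetical canonical form: lowercase names, collapse whitespace, sort lines."""
    lines = [f"{name.strip().lower()}:{' '.join(value.split())}"
             for name, value in headers.items()]
    return "\r\n".join(sorted(lines)).encode("utf-8")


def sign_body_only(part):
    """Integrity tag over the payload bytes only; the MIME labels are not covered."""
    return hmac.new(KEY, part["body"], hashlib.sha256).digest()


def sign_headers_and_body(part):
    """Integrity tag over canonical headers plus body.

    The header block is length-prefixed so the header/body boundary is unambiguous.
    """
    canon = canonicalize_headers(part["headers"])
    data = len(canon).to_bytes(4, "big") + canon + part["body"]
    return hmac.new(KEY, data, hashlib.sha256).digest()


def verify(part, tag, signer):
    return hmac.compare_digest(signer(part), tag)


def demo():
    # Constructed sample MIME part.
    original = {"headers": {"Content-ID": "<payload-1>",
                            "Content-Type": "application/xml"},
                "body": b"<Order id='42'/>"}
    tag_body = sign_body_only(original)
    tag_full = sign_headers_and_body(original)

    # Same body, but a label the receiver dispatches on was changed in transit.
    relabelled = {"headers": {**original["headers"],
                              "Content-Type": "application/x-other"},
                  "body": original["body"]}
    # Same labels, only case, order and whitespace differ (benign transport rewrite).
    reformatted = {"headers": {"content-type": "application/xml ",
                               "CONTENT-ID": " <payload-1>"},
                   "body": original["body"]}
    return {
        "body_only_accepts_relabelled": verify(relabelled, tag_body, sign_body_only),
        "full_accepts_relabelled": verify(relabelled, tag_full, sign_headers_and_body),
        "full_accepts_reformatted": verify(reformatted, tag_full, sign_headers_and_body),
    }


if __name__ == "__main__":
    print(demo())
```

The body-only tag still verifies after the label change, while the header-covering tag rejects it yet tolerates harmless reformatting, which is why the canonicalization rule has to be fixed by the specification rather than left to each implementation.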