
ebxml-msg message



Subject: [OASIS Issue Tracker] Created: (EBXMLMSG-40) Update XML Signature/Encryption reference to version 1.1 to get newer algorithms


Update XML Signature/Encryption reference to version 1.1 to get newer algorithms
--------------------------------------------------------------------------------

                 Key: EBXMLMSG-40
                 URL: http://tools.oasis-open.org/issues/browse/EBXMLMSG-40
             Project: OASIS ebXML Messaging Services TC
          Issue Type: Improvement
          Components: AS4 Profile, Core Spec
            Reporter: Pim van der Eijk


In ebMS3 it is possible to configure the signature algorithm:

"PMode[1].Security.X509.Signature.Algorithm: The value of this parameter identifies the algorithm that is used to compute the value of the digital signature. The definitions for these values are found in the [XMLDSIG] or [XMLENC] specifications."

ebMS3 Core has the following reference to XML Signature:
[XMLDSIG] Donald Eastlake, et al, eds, XML-Signature Syntax and Processing, 2002. <http://www.w3.org/TR/xmldsig-core/>

AS4 has the following:
[XMLDSIG] XML-Signature Syntax and Processing (Second Edition). W3C Recommendation. 10 June 2008. http://www.w3.org/TR/xmldsig-core/

Both are outdated in various ways. For digest algorithms, they define SHA1 and not SHA2. For signature, they define rsa-sha1 but not rsa-sha256.

The current version of XML Signature is the 1.1 version of April 2013, http://www.w3.org/TR/xmldsig-core1/. Could we update the reference to point to the 1.1 version? I would like to be able to set the digest algorithm to http://www.w3.org/2001/04/xmlenc#sha256 and signature algorithm to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.

Here is an email exchange between me and Frederick Hirsch on this, with some background information. SHA1 is being phased out rapidly. 
https://lists.oasis-open.org/archives/wss-dev/201311/maillist.html

The ebMS3 Core PMode takes its values directly from the W3C specification, so it is easier to update than WS-SecurityPolicy, which has its own identifier format.

There is also a newer version of XML Encryption with newer algorithms.



-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
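
The following is an added example, not part of the original message or of any ebMS3/AS4 implementation: a receiver-side check that reads the algorithm URIs declared in a `ds:SignedInfo` and reports whether each is SHA-1 or SHA-2 based, using the W3C identifiers discussed above. The function names and the sample signature are assumptions constructed for illustration; a production parser should also be hardened against hostile XML.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
MORE = "http://www.w3.org/2001/04/xmldsig-more#"
XENC = "http://www.w3.org/2001/04/xmlenc#"

# Algorithm identifiers from the W3C XML Signature and XML Encryption specs.
SHA1_BASED = {DS + "sha1", DS + "rsa-sha1", DS + "dsa-sha1", DS + "hmac-sha1"}
SHA2_BASED = {XENC + "sha256", XENC + "sha512", MORE + "sha384",
              MORE + "rsa-sha256", MORE + "rsa-sha384", MORE + "rsa-sha512"}

# Constructed sample: rsa-sha256 signature, but one reference still uses SHA-1.
SAMPLE = """<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <ds:Reference URI="#body">
      <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
      <ds:DigestValue>AAAA</ds:DigestValue>
    </ds:Reference>
    <ds:Reference URI="cid:attachment-1">
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <ds:DigestValue>AAAA</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
</ds:Signature>"""

def audit_signature(xml_text):
    """Return (element, algorithm URI, verdict) for each algorithm in ds:SignedInfo."""
    findings = []
    for signed_info in ET.fromstring(xml_text).iter(f"{{{DS}}}SignedInfo"):
        for role in ("SignatureMethod", "DigestMethod"):
            for el in signed_info.iter(f"{{{DS}}}{role}"):
                uri = el.get("Algorithm", "")
                verdict = ("sha1" if uri in SHA1_BASED
                           else "sha2" if uri in SHA2_BASED else "unknown")
                findings.append((role, uri, verdict))
    return findings

def is_acceptable(xml_text):
    """True only if at least one algorithm is declared and all are SHA-2 based."""
    findings = audit_signature(xml_text)
    return bool(findings) and all(v == "sha2" for _, _, v in findings)

if __name__ == "__main__":
    for role, uri, verdict in audit_signature(SAMPLE):
        print(f"{verdict:8} {role:16} {uri}")
    print("acceptable:", is_acceptable(SAMPLE))
```

The sample shows why the signature method and every reference digest have to be checked separately: a message can be signed with rsa-sha256 while one of its references is still digested with SHA-1.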

        

