[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] Created: (EBXMLMSG-40) Update XML Signature/Encryption reference to version 1.1 to get newer algorithms
Update XML Signature/Encryption reference to version 1.1 to get newer algorithms -------------------------------------------------------------------------------- Key: EBXMLMSG-40 URL: http://tools.oasis-open.org/issues/browse/EBXMLMSG-40 Project: OASIS ebXML Messaging Services TC Issue Type: Improvement Components: AS4 Profile, Core Spec Reporter: Pim van der Eijk In ebMS3 it is possible to configure the signature algorithm: "PMode[1].Security.X509.Signature.Algorithm: The value of this parameter identifies the algorithm that is used to compute the value of the digital signature. The definitions for these values are found in the [XMLDSIG] or [XMLENC] specifications." ebMS3 Core has the following reference to XML Signature: [XMLDSIG] Donald Eastlake, et al, eds, XML-Signature Syntax and Processing, 2002. <http://www.w3.org/TR/xmldsig-core/> AS4 has the following: [XMLDSIG] XML-Signature Syntax and Processing (Second Edition). W3C Recommendation. 10 June 2008. http://www.w3.org/TR/xmldsig-core/ Both are outdated in various ways. For digest algorithms, they define SHA1 and not SHA2. For signature, they define rsa-sha1 but not rsa-sha256. The current version of XML Signature, which is the 1.1 version of April 2013, http://www.w3.org/TR/xmldsig-core1/ Could we update the reference to point to the 1.1 version? I would like to be able to set the digest algorithm to http://www.w3.org/2001/04/xmlenc#sha256 and signature algorithm to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256. Here is an email exchange between me and Frederick Hirsch on this, with some background information. SHA1 is being phased out rapidly. https://lists.oasis-open.org/archives/wss-dev/201311/maillist.html The ebMS3 Core Pmode takes its values directly from the W3C specification, so it easier to update than WS-SecurityPolicy which has its own identifier format. There is also a newer version of XML Encryption with newer algorithms. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]