OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-msg message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] Created: (EBXMLMSG-45) PMode parameter for Key Transport algorithm

PMode parameter for Key Transport algorithm
-------------------------------------------

                 Key: EBXMLMSG-45
                 URL: http://tools.oasis-open.org/issues/browse/EBXMLMSG-45
             Project: OASIS ebXML Messaging Services TC
          Issue Type: Improvement
          Components: Core Spec
            Reporter: Pim van der Eijk


For encryption,  the core specification currently has a PMode PMode[1].Security.X509.Encryption.Algorithm which identifies "the encryption algorithm to be used" based on W3C XML Encryption algorithm identifiers.    

XML Encryption actually distinguishes two algorithms:

xenc:EncryptedData / xenc:EncryptionMethod / @Algorithm

The value is an identifier of a block encryption algorithm like http://www.w3.org/2001/04/xmlenc#aes128-cbc or http://www.w3.org/2001/04/xmlenc#tripledes-cbc.

xenc:EncryptedKey / xenc:EncryptionMethod / @Algorithm

The value is an identifier of an algorithm used for Key Transport.  XML encryption currently recommends http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p,  commonly used values include http://www.w3.org/2001/04/xmlenc#rsa-1_5.

I assume the PMode parameter identifies the first use.  There does not seem to be a parameter for the second one?  When using WS-SecurityPolicy, it would be needed to select the correct policy,  e.g. Basic128Sha256 versus Basic128Sha256Rsa15.

(This is not to promote WS-SecurityPolicy,  the ebMS3 approach of directly using the W3C Signature and Encryption parameters is actually more future-proof than WS-SecurityPolicy's identifiers,  just to note that some implementers of ebMS3 will use security toolkits that are configured using WS-SecurityPolicy).




 


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]