OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-msg message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] Commented: (EBXMLMSG-45) PMode parameter for Key Transport algorithm

    [ http://tools.oasis-open.org/issues/browse/EBXMLMSG-45?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=36589#action_36589 ] 

Pim van der Eijk commented on EBXMLMSG-45:
------------------------------------------

According to http://www.w3.org/TR/2013/REC-xmlenc-core1-20130411/#sec-RSA-OAEP,  if the value for the key transport algorithm is http://www.w3.org/2009/xmlenc11#rsa-oaep then two other algorithms can be specified:

1) Mask generation function, with values like http://www.w3.org/2009/xmlenc11#mgf1sha256. Default is http://www.w3.org/2009/xmlenc11#mgf1sha1.

2) Key transport message digest function, with values like http://www.w3.org/2001/04/xmlenc#sha256.  Default is http://www.w3.org/2000/09/xmldsig#rsa-sha1.

In both cases the defaults are discouraged.

This would mean three new parameters.






> PMode parameter for Key Transport algorithm
> -------------------------------------------
>
>                 Key: EBXMLMSG-45
>                 URL: http://tools.oasis-open.org/issues/browse/EBXMLMSG-45
>             Project: OASIS ebXML Messaging Services TC
>          Issue Type: Improvement
>          Components: Core Spec
>            Reporter: Pim van der Eijk
>
> For encryption,  the core specification currently has a PMode PMode[1].Security.X509.Encryption.Algorithm which identifies "the encryption algorithm to be used" based on W3C XML Encryption algorithm identifiers.    
> XML Encryption actually distinguishes two algorithms:
> xenc:EncryptedData / xenc:EncryptionMethod / @Algorithm
> The value is an identifier of a block encryption algorithm like http://www.w3.org/2001/04/xmlenc#aes128-cbc or http://www.w3.org/2001/04/xmlenc#tripledes-cbc.
> xenc:EncryptedKey / xenc:EncryptionMethod / @Algorithm
> The value is an identifier of an algorithm used for Key Transport.  XML encryption currently recommends http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p,  commonly used values include http://www.w3.org/2001/04/xmlenc#rsa-1_5.
> I assume the PMode parameter identifies the first use.  There does not seem to be a parameter for the second one?  When using WS-SecurityPolicy, it would be needed to select the correct policy,  e.g. Basic128Sha256 versus Basic128Sha256Rsa15.
> (This is not to promote WS-SecurityPolicy,  the ebMS3 approach of directly using the W3C Signature and Encryption parameters is actually more future-proof than WS-SecurityPolicy's identifiers,  just to note that some implementers of ebMS3 will use security toolkits that are configured using WS-SecurityPolicy).
>  

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]