OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-msg message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] (EBXMLMSG-45) PMode parameter for Key Transport algorithm

    [ https://issues.oasis-open.org/browse/EBXMLMSG-45?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=38147#comment-38147 ] 

Pim van der Eijk commented on EBXMLMSG-45:

I got feedback from a vendor involved in two interoperability tests,  they support  “http://www.w3.org/2001/04/xmlenc#rsa-1_5”;, “http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p”; and “http://www.w3.org/2009/xmlenc11#rsa-oaep”; and it is a configurable option so they can switch between the three.  They find that their partner systems are often very picky about the algorithm. When testing against one vendor, they had to use “http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p”;, otherwise security processing would fail on the partner side (they don’t know if they can configure the algorithm or if it is a problem in the software) and when doing dome tests with another vendor, they had to use “http://www.w3.org/2001/04/xmlenc#rsa-1_5”;. 

> PMode parameter for Key Transport algorithm
> -------------------------------------------
>                 Key: EBXMLMSG-45
>                 URL: https://issues.oasis-open.org/browse/EBXMLMSG-45
>             Project: OASIS ebXML Messaging Services TC
>          Issue Type: Improvement
>          Components: Core Spec
>            Reporter: Pim van der Eijk
> For encryption,  the core specification currently has a PMode PMode[1].Security.X509.Encryption.Algorithm which identifies "the encryption algorithm to be used" based on W3C XML Encryption algorithm identifiers.    
> XML Encryption actually distinguishes two algorithms:
> xenc:EncryptedData / xenc:EncryptionMethod / @Algorithm
> The value is an identifier of a block encryption algorithm like http://www.w3.org/2001/04/xmlenc#aes128-cbc or http://www.w3.org/2001/04/xmlenc#tripledes-cbc.
> xenc:EncryptedKey / xenc:EncryptionMethod / @Algorithm
> The value is an identifier of an algorithm used for Key Transport.  XML encryption currently recommends http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p,  commonly used values include http://www.w3.org/2001/04/xmlenc#rsa-1_5.
> I assume the PMode parameter identifies the first use.  There does not seem to be a parameter for the second one?  When using WS-SecurityPolicy, it would be needed to select the correct policy,  e.g. Basic128Sha256 versus Basic128Sha256Rsa15.
> (This is not to promote WS-SecurityPolicy,  the ebMS3 approach of directly using the W3C Signature and Encryption parameters is actually more future-proof than WS-SecurityPolicy's identifiers,  just to note that some implementers of ebMS3 will use security toolkits that are configured using WS-SecurityPolicy).

This message was sent by Atlassian JIRA

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]