OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-msg message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] (EBXMLMSG-45) PMode parameter for Key Transport algorithm

    [ https://issues.oasis-open.org/browse/EBXMLMSG-45?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=40043#comment-40043 ] 

Sander Fieten commented on EBXMLMSG-45:
---------------------------------------

I agree that introducing P-Mode parameters for configuring WS-Security (maybe this is not only relevant for encryption). 

Especially if the configuration is needed for a required function from the spec. But for optional functionality (in this algorithm) these parameters should not be required because this would require support for optional functionality. In this case for example rejecting an algorithm other than rsa-oaep-mgf1p is conforming to a spec because the other algorithms are defined optional.



> PMode parameter for Key Transport algorithm
> -------------------------------------------
>
>                 Key: EBXMLMSG-45
>                 URL: https://issues.oasis-open.org/browse/EBXMLMSG-45
>             Project: OASIS ebXML Messaging Services TC
>          Issue Type: Improvement
>          Components: Core Spec
>            Reporter: Pim van der Eijk
>
> For encryption,  the core specification currently has a PMode PMode[1].Security.X509.Encryption.Algorithm which identifies "the encryption algorithm to be used" based on W3C XML Encryption algorithm identifiers.    
> XML Encryption actually distinguishes two algorithms:
> xenc:EncryptedData / xenc:EncryptionMethod / @Algorithm
> The value is an identifier of a block encryption algorithm like http://www.w3.org/2001/04/xmlenc#aes128-cbc or http://www.w3.org/2001/04/xmlenc#tripledes-cbc.
> xenc:EncryptedKey / xenc:EncryptionMethod / @Algorithm
> The value is an identifier of an algorithm used for Key Transport.  XML encryption currently recommends http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p,  commonly used values include http://www.w3.org/2001/04/xmlenc#rsa-1_5.
> I assume the PMode parameter identifies the first use.  There does not seem to be a parameter for the second one?  When using WS-SecurityPolicy, it would be needed to select the correct policy,  e.g. Basic128Sha256 versus Basic128Sha256Rsa15.
> (This is not to promote WS-SecurityPolicy,  the ebMS3 approach of directly using the W3C Signature and Encryption parameters is actually more future-proof than WS-SecurityPolicy's identifiers,  just to note that some implementers of ebMS3 will use security toolkits that are configured using WS-SecurityPolicy).
>  



--
This message was sent by Atlassian JIRA
(v6.2.2#6258)

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]