OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-msg message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] (EBXMLMSG-45) PMode parameter for Key Transport algorithm

    [ https://issues.oasis-open.org/browse/EBXMLMSG-45?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=40044#comment-40044 ] 

Sander Fieten commented on EBXMLMSG-45:
---------------------------------------

Making hard coded references to a specific version of security specs (like XML Encryption) has the disadvantage that the ebMS spec has to be updated as well when these specs are upgraded because of detected flaws.

So it is better that state that implementations SHOULD support for the algorithms defined as required in the latest versions of these spec. This statement ensures implementation stay up-to-date security wise but because of the SHOULD allow some time to implement and not to loose conformance immediately with the release of a new security spec.

> PMode parameter for Key Transport algorithm
> -------------------------------------------
>
>                 Key: EBXMLMSG-45
>                 URL: https://issues.oasis-open.org/browse/EBXMLMSG-45
>             Project: OASIS ebXML Messaging Services TC
>          Issue Type: Improvement
>          Components: Core Spec
>            Reporter: Pim van der Eijk
>
> For encryption,  the core specification currently has a PMode PMode[1].Security.X509.Encryption.Algorithm which identifies "the encryption algorithm to be used" based on W3C XML Encryption algorithm identifiers.    
> XML Encryption actually distinguishes two algorithms:
> xenc:EncryptedData / xenc:EncryptionMethod / @Algorithm
> The value is an identifier of a block encryption algorithm like http://www.w3.org/2001/04/xmlenc#aes128-cbc or http://www.w3.org/2001/04/xmlenc#tripledes-cbc.
> xenc:EncryptedKey / xenc:EncryptionMethod / @Algorithm
> The value is an identifier of an algorithm used for Key Transport.  XML encryption currently recommends http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p,  commonly used values include http://www.w3.org/2001/04/xmlenc#rsa-1_5.
> I assume the PMode parameter identifies the first use.  There does not seem to be a parameter for the second one?  When using WS-SecurityPolicy, it would be needed to select the correct policy,  e.g. Basic128Sha256 versus Basic128Sha256Rsa15.
> (This is not to promote WS-SecurityPolicy,  the ebMS3 approach of directly using the W3C Signature and Encryption parameters is actually more future-proof than WS-SecurityPolicy's identifiers,  just to note that some implementers of ebMS3 will use security toolkits that are configured using WS-SecurityPolicy).
>  



--
This message was sent by Atlassian JIRA
(v6.2.2#6258)

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]