ebxml-msg message



Subject: [OASIS Issue Tracker] (EBXMLMSG-104) PMode[1].Security.X509.Encryption.MinimumStrength


    [ https://issues.oasis-open.org/browse/EBXMLMSG-104?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=66305#comment-66305 ] 

Sander Fieten commented on EBXMLMSG-104:
----------------------------------------

The explanation for the parameter indeed is quite unclear and doesn't match the other parameters provided to configure the encryption. I tend to say this parameter should be replaced with a more generic P-Mode parameter to include the encryption algorithm's parameters, which could be more than only the key size. This would bring the P-Mode structure more in line with the XML-enc spec and also makes the spec more sustainable.

I agree with Theo these parameters specify how the sender has to apply encryption and that a receiver may choose to accept more.

> PMode[1].Security.X509.Encryption.MinimumStrength
> -------------------------------------------------
>
>                 Key: EBXMLMSG-104
>                 URL: https://issues.oasis-open.org/browse/EBXMLMSG-104
>             Project: OASIS ebXML Messaging Services TC
>          Issue Type: Bug
>          Components: Core Spec
>            Reporter: Pim van der Eijk
>
> This parameter is inherited from CPPA2, and its definition is taken from there. It has several problems:
> 1) the paragraph assumes more effective bits are better, but this depends on key/algorithm type. A short EC key can be more effective than a long RSA key.
> 2) Algorithms typically define the key size. In that case the bit size is determined by the PMode[1].Security.X509.Encryption.Algorithm. The bit size is not an independently selectable parameter in an algorithm. Algorithms differ not just on key size. E.g. the differences between AES 128, 192 and 256 are not just key size.
> 3) A P-Mode is like an agreement. In an agreement parties specify what they agree to use, e.g. AES128, not what they agree to use minimally. If the agreement is AES128, the sender should not use AES256.



--
This message was sent by Atlassian JIRA
(v6.2.2#6258)
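The three objections in the issue, and the sender/receiver asymmetry agreed in the comment, can be made concrete with a small policy check. The following is an added example written for this archive page; it is not code from the ebMS3/AS4 specification, from OASIS, or from any ebMS implementation. The XML Encryption algorithm URIs are the real identifiers from the XML-enc specs; the P-Mode class, the function names, the sample EncryptedData element and the strength table (values taken from the NIST SP 800-57 Part 1 comparable-strength table) are assumptions made for illustration. It shows that (1) nominal key length is not comparable across key types, (2) the key size follows from the algorithm identifier rather than being a separate knob, and (3) the sender must use exactly the agreed algorithm while the receiver may additionally accept others.

```python
"""Illustrative P-Mode encryption policy check (added example, hypothetical API)."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

XENC_NS = "http://www.w3.org/2001/04/xmlenc#"

# Real XML Encryption 1.0 / 1.1 data-encryption algorithm identifiers.
TRIPLEDES_CBC = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"
AES128_CBC = "http://www.w3.org/2001/04/xmlenc#aes128-cbc"
AES192_CBC = "http://www.w3.org/2001/04/xmlenc#aes192-cbc"
AES256_CBC = "http://www.w3.org/2001/04/xmlenc#aes256-cbc"
AES128_GCM = "http://www.w3.org/2009/xmlenc11#aes128-gcm"
AES256_GCM = "http://www.w3.org/2009/xmlenc11#aes256-gcm"

# Point 2 of the issue: the key size is implied by the algorithm identifier,
# so a separate "minimum strength" parameter adds nothing the URI does not carry.
KEY_BITS = {
    TRIPLEDES_CBC: 168, AES128_CBC: 128, AES192_CBC: 192, AES256_CBC: 256,
    AES128_GCM: 128, AES256_GCM: 256,
}

# Point 1 of the issue: nominal key length is not comparable across key types.
# Comparable security strength per NIST SP 800-57 Part 1 (assumed table).
EFFECTIVE_STRENGTH_BITS = {
    ("RSA", 2048): 112, ("RSA", 3072): 128,
    ("EC", 256): 128, ("EC", 384): 192,
}


@dataclass(frozen=True)
class EncryptionPMode:
    """Hypothetical stand-in for PMode[1].Security.X509.Encryption.* settings."""
    agreed_algorithm: str                       # what the parties agreed to use
    receiver_also_accepts: frozenset = frozenset()  # extra algorithms the receiver tolerates


def sender_algorithm(pmode: EncryptionPMode) -> str:
    """Point 3: the sender uses exactly the agreed algorithm, never 'at least' it."""
    return pmode.agreed_algorithm


def encryption_method_of(encrypted_data_xml: str) -> str:
    """Extract xenc:EncryptionMethod/@Algorithm from an xenc:EncryptedData element."""
    root = ET.fromstring(encrypted_data_xml)
    method = root.find(f"{{{XENC_NS}}}EncryptionMethod")
    if method is None or "Algorithm" not in method.attrib:
        raise ValueError("EncryptedData carries no EncryptionMethod/@Algorithm")
    return method.attrib["Algorithm"]


def receiver_accepts(pmode: EncryptionPMode, used_algorithm: str):
    """Receiver side: the agreed algorithm always passes; anything else only if
    it is on the receiver's explicit accept list (never 'any stronger key')."""
    if used_algorithm == pmode.agreed_algorithm:
        return True, "matches the agreed algorithm"
    if used_algorithm in pmode.receiver_also_accepts:
        return True, "not the agreed algorithm, but on the receiver's accept list"
    return False, f"{used_algorithm} is neither agreed nor on the accept list"


def effective_strength(key_type: str, key_bits: int) -> int:
    """Comparable strength of a key-transport key; raises for unknown combinations."""
    return EFFECTIVE_STRENGTH_BITS[(key_type, key_bits)]


# Constructed sample: an EncryptedData element whose sender used AES-256-CBC.
SAMPLE_ENCRYPTED_DATA = f"""<xenc:EncryptedData xmlns:xenc="{XENC_NS}"
    Type="http://www.w3.org/2001/04/xmlenc#Content">
  <xenc:EncryptionMethod Algorithm="{AES256_CBC}"/>
  <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
</xenc:EncryptedData>"""


if __name__ == "__main__":
    strict = EncryptionPMode(agreed_algorithm=AES128_CBC)
    lenient = EncryptionPMode(agreed_algorithm=AES128_CBC,
                              receiver_also_accepts=frozenset({AES256_CBC}))
    used = encryption_method_of(SAMPLE_ENCRYPTED_DATA)
    print("sender must use:", sender_algorithm(strict), KEY_BITS[sender_algorithm(strict)], "bits")
    print("message used:", used, KEY_BITS[used], "bits")
    print("strict receiver:", receiver_accepts(strict, used))
    print("lenient receiver:", receiver_accepts(lenient, used))
    print("EC-256 vs RSA-2048 strength:",
          effective_strength("EC", 256), effective_strength("RSA", 2048))
```

The accept list is deliberately an explicit set of algorithm identifiers rather than a numeric threshold: a threshold would reintroduce the "more bits is better" assumption the issue objects to, and would silently accept, say, a 192-bit AES mode a deployment never tested.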

