Subject: [regrep-security] Need help with Errata in security section in RS 2.0
Sekhar,

During implementation of ebxmlrr project we have found the following errors in the security related areas of RS 2.0. We need to fix these in an errata within the next few weeks. I need your help in reviewing / resolving these issues. Also if anyone else is aware of any other issues please send the issue and how to address the issue to me. Thanks for treating this as a high priority. Call me at 781-942-7277 if something needs clarification.

RS 2.0 Security Issues
-----------------------

-RS 3732
http://www.w3.org/2000/09/xmldsig/#dsa-sha1
This URL is broken and needs a replacement

-RS 3735 and 3837
ds:Signature should really say ds:SignedInfo. It is ds:SignedInfo that contains the ds:CanonicalizationMethod element and not ds:Signature directly. See attached servletReq.mime. Also in statement below, the URL is broken. Also the ds:SignatureMethod should not contain ds:CanonicalizationMethod. They are siblings. It should be the ds:SignedInfo that contains the ds:CanonicalizationMethod.

"The ds:SignatureMethod element must contain a ds:CanonicalizationMethod element. The following Canonicalization algorithm (specified in [XMLDSIG]) must be supported http://www.w3.org/TR/2001/REC-xml-c14n-2001315"

-RS 3746
SignedValue should be SignatureValue

--
Regards,
Farrukh
<soap-env:Envelope xmlns:SOAP-SEC="http://schemas.xmlsoap.org/soap/security/2000-12" xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/" soap-env:actor="some-uri" soap-env:mustUnderstand="1">
  <soap-env:Header>
    <SOAP-SEC:Signature>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"></ds:SignatureMethod>
          <ds:Reference URI="#Body">
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
            <ds:DigestValue>GlIvsIp/oj8Cf/rMAsfTlOPYY4U=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>dhUX/q1MpU2InxQwPxOVqdB2D3iBaPS4MyUvnwjKQlKfN2Qyshvxvw==</ds:SignatureValue>
        <ds:KeyInfo>
          <ds:X509Data>
            <ds:X509Certificate>
MIIC5zCCAqUCBDxUrgYwCwYHKoZIzjgEAwUAMFkxDDAKBgNVBAYTA1VTQTEZMBcGA1UEChMQU3Vu
IE1pY3Jvc3lzdGVtczEWMBQGA1UECxMNSmF2YSBTb2Z0d2FyZTEWMBQGA1UEAxMNRmFycnVraCBO
YWptaTAeFw0wMjAxMjgwMTQ4NTRaFw0wMjA0MjgwMTQ4NTRaMFkxDDAKBgNVBAYTA1VTQTEZMBcG
A1UEChMQU3VuIE1pY3Jvc3lzdGVtczEWMBQGA1UECxMNSmF2YSBTb2Z0d2FyZTEWMBQGA1UEAxMN
RmFycnVraCBOYWptaTCCAbgwggEsBgcqhkjOOAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3
UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAi
wk+7qdf+t8Yb+DtX58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdg
UI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9B4JnUVlX
jrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCjrh4rs6Z1kW6jfwv6ITVi8fti
egEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQBTDv+z0kqA4GFAAKBgQCb9vZKLHWpDT/e3hsW
n2AwY8iyPWAmdxiFNAPOCVHc1B6sRHJ4saTNLtsjBTj60v7mZTpd9o4RLigOpQY4X02y5GF+85w2
aNUO3yHNRMTLxdbK2G+tS/e9j38efs0K1FoA4DopZGS4HdVge/phy7KDdiI9iPfuXNrvlA7ld4qM
cjALBgcqhkjOOAQDBQADLwAwLAIUFpw7Czlhr0CcZex9Ude/8Ce41P4CFAqvcVXmCGvErnRasuTO
3XWaO2IL
            </ds:X509Certificate>
          </ds:X509Data>
          <ds:KeyValue>
            <ds:DSAKeyValue>
              <ds:P>
/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuA
HTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOu
K2HXKu/yIgMZndFIAcc=
              </ds:P>
              <ds:Q>l2BQjxUjC8yykrmCouuEC/BYHPU=</ds:Q>
              <ds:G>
9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3
zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKL
Zl6Ae1UlZAFMO/7PSSo=
              </ds:G>
              <ds:Y>
m/b2Six1qQ0/3t4bFp9gMGPIsj1gJncYhTQDzglR3NQerERyeLGkzS7bIwU4+tL+5mU6XfaOES4o
DqUGOF9NsuRhfvOcNmjVDt8hzUTEy8XWythvrUv3vY9/Hn7NCtRaAOA6KWRkuB3VYHv6Ycuyg3Yi
PYj37lza75QO5XeKjHI=
              </ds:Y>
            </ds:DSAKeyValue>
          </ds:KeyValue>
        </ds:KeyInfo>
      </ds:Signature>
    </SOAP-SEC:Signature>
  </soap-env:Header>
  <soap-env:Body SOAP-SEC:id="Body">
    <AdhocQueryRequest xmlns="urn:oasis:names:tc:ebxml-regrep:query:xsd:2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:oasis:names:tc:ebxml-regrep:query:xsd:2.0 query.xsd">
      <ResponseOption returnComposedObjects="true" returnType="LeafClassWithRepositoryItem"></ResponseOption>
      <SQLQuery>
        SELECT * FROM ClassificationScheme
      </SQLQuery>
    </AdhocQueryRequest>
  </soap-env:Body>
</soap-env:Envelope>
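The three errata above are all structural: ds:CanonicalizationMethod and ds:SignatureMethod are siblings under ds:SignedInfo, the signature bytes live in ds:SignatureValue (there is no SignedValue element in XMLDSIG), and the algorithm identifiers are `http://www.w3.org/2000/09/xmldsig#dsa-sha1` (the `#` is part of the namespace, so the `xmldsig/#dsa-sha1` form quoted from RS 2.0 does not match) and `http://www.w3.org/TR/2001/REC-xml-c14n-20010315`. The following is an added example, not code from ebxmlrr or the RS 2.0 specification: a small Python audit that parses a SOAP message like the attached servletReq.mime and reports exactly those defects, so an implementer can check a message against the corrected wording before attempting cryptographic verification. The two embedded messages are constructed for the example with placeholder digest and signature values; the `audit_signature` function, the finding codes and the helper names are this example's own.

```python
# Structural audit of an XML Digital Signature carried in a SOAP-SEC header.
# Added example; constructed messages with placeholder digest/signature values.
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Identifiers exactly as XMLDSIG defines them (the '#' belongs to the namespace).
KNOWN_SIGNATURE_ALGS = {"http://www.w3.org/2000/09/xmldsig#dsa-sha1",
                        "http://www.w3.org/2000/09/xmldsig#rsa-sha1"}
KNOWN_C14N_ALGS = {"http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
                   "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"}


def _local(name):
    """Strip the Clark-notation namespace from an element or attribute name."""
    return name.rsplit("}", 1)[-1]


def _resolves(root, uri):
    """True if a same-document URI such as '#Body' names an element whose
    id-like attribute (id/Id/ID in any namespace, e.g. SOAP-SEC:id) has that value."""
    if not uri.startswith("#"):
        return False
    return any(_local(a).lower() == "id" and v == uri[1:]
               for el in root.iter() for a, v in el.attrib.items())


def audit_signature(xml_text):
    """Return a list of (code, detail) findings; an empty list means the
    ds:Signature is laid out as XMLDSIG (and the corrected RS 2.0 text) require."""
    root = ET.fromstring(xml_text)
    sig = root if root.tag == DS + "Signature" else root.find(f".//{DS}Signature")
    if sig is None:
        return [("NO_SIGNATURE", "no ds:Signature element")]
    findings = []
    # RS 3746: the element is ds:SignatureValue, never SignedValue.
    if sig.find(f"{DS}SignatureValue") is None:
        stray = any(_local(c.tag) == "SignedValue" for c in sig)
        findings.append(("NO_SIGNATUREVALUE",
                         "ds:SignatureValue missing" + (" (SignedValue found instead)" if stray else "")))
    si = sig.find(f"{DS}SignedInfo")
    if si is None:
        findings.append(("NO_SIGNEDINFO", "ds:SignedInfo missing"))
        return findings
    # RS 3735/3837: c14n method and signature method are siblings inside SignedInfo.
    c14n = si.find(f"{DS}CanonicalizationMethod")
    sm = si.find(f"{DS}SignatureMethod")
    if c14n is None:
        findings.append(("C14N_NOT_IN_SIGNEDINFO", "ds:CanonicalizationMethod is not a child of ds:SignedInfo"))
    elif c14n.get("Algorithm") not in KNOWN_C14N_ALGS:
        findings.append(("UNKNOWN_C14N_ALG", str(c14n.get("Algorithm"))))
    if sm is None:
        findings.append(("NO_SIGNATUREMETHOD", "ds:SignatureMethod missing"))
    else:
        if sm.find(f"{DS}CanonicalizationMethod") is not None:
            findings.append(("C14N_INSIDE_SIGNATUREMETHOD", "ds:CanonicalizationMethod nested in ds:SignatureMethod"))
        if sm.get("Algorithm") not in KNOWN_SIGNATURE_ALGS:   # RS 3732: broken URL form
            findings.append(("UNKNOWN_SIGNATURE_ALG", str(sm.get("Algorithm"))))
    # Every Reference must point at something the signed document actually contains.
    for ref in si.findall(f"{DS}Reference"):
        if not _resolves(root, ref.get("URI", "")):
            findings.append(("UNRESOLVED_REFERENCE", ref.get("URI", "")))
    return findings


def envelope(signature_xml):
    """Wrap a ds:Signature in a SOAP-SEC header over a signed Body (constructed)."""
    return f"""<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:SOAP-SEC="http://schemas.xmlsoap.org/soap/security/2000-12">
  <soap-env:Header><SOAP-SEC:Signature soap-env:mustUnderstand="1">{signature_xml}</SOAP-SEC:Signature></soap-env:Header>
  <soap-env:Body SOAP-SEC:id="Body">
    <AdhocQueryRequest xmlns="urn:oasis:names:tc:ebxml-regrep:query:xsd:2.0">
      <SQLQuery>SELECT * FROM ClassificationScheme</SQLQuery>
    </AdhocQueryRequest>
  </soap-env:Body>
</soap-env:Envelope>"""


# Layout as in the attached servletReq.mime (correct per XMLDSIG).
GOOD = envelope("""<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
    <ds:Reference URI="#Body">
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <ds:DigestValue>PLACEHOLDER-DIGEST</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue>PLACEHOLDER-SIGNATURE</ds:SignatureValue>
</ds:Signature>""")

# Layout that follows the uncorrected RS 2.0 wording literally.
BAD = envelope("""<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig/#dsa-sha1">
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-2001315"/>
    </ds:SignatureMethod>
    <ds:Reference URI="#Body">
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <ds:DigestValue>PLACEHOLDER-DIGEST</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
  <ds:SignedValue>PLACEHOLDER-SIGNATURE</ds:SignedValue>
</ds:Signature>""")

if __name__ == "__main__":
    for label, msg in (("attachment layout", GOOD), ("RS 2.0 literal layout", BAD)):
        print(label, audit_signature(msg) or "OK")
```

The audit deliberately stops at structure: once a message passes, the digest over the c14n form of the Body and the DSA signature over ds:SignedInfo still have to be verified by a real XMLDSIG implementation, and an unresolved or missing Reference is reported because a signature whose Reference does not cover the Body leaves the request unprotected even when the signature bytes themselves verify.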