OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] question on DSAwithSHA1 algorithm

There has never been much interest in DSA outside of the US Federal Gov.
DSA was originally developed in the days of US crypto export control.
DSA (which is an El Gamal variant) was intended as a scheme which can be
used for signature and not encryption. (I believe somebody figured out
how to overcome this, but the point is now moot anyway.) 

It was also developed at a time when the RSA patent was still in force.
Since both these conditions have changed, the only people using DSA
today are those required by some standard or regulation. The inability
to (easily) use the same key for encryption and signature is often seen
as a disadvantage of using DSA as compared to RSA.

In 2004, for SAML 2.0 we pretty much chose the algorithms we thought
people would be most likely to want. (I see that we did not specify
anything except "use Dsig" in 1.0 and 1.1.) However in recent years the
attacks on the collision properties of SHA1 (and MD5) have made people
nervous enough that NIST is now recommending that SHA1 be phased out by
2010 in favor of SHA-224, SHA-256, SHA-384 and SHA-512.


I believe that they intend to hold an international competition on the
model of the AES selection process to select wholly new types of hash
algorithms which will be free of the types of attacks on MD1, SHA1, etc.
What is really needed is a better theoretical understanding of hash
functions, which is no where near as developed as that for symmetric and
asymmetric encryption.

The W3C is now in the process of chartering a new WG to make significant
revisions, if necessary to XML Signature, XML Encryption and related
algorithms, e.g. C14N. 


This should get underway in May. The extent of changes this WG will make
is unknown, but I am confident that the list of mandatory to implement
algorithms will change. The WG is chartered for 2 years, and of course
it will take some time for changes to become available in products. I
strongly encourage anyone who is interested in this work to join the W3C


> -----Original Message-----
> From: Scott Cantor [mailto:cantor.2@osu.edu]
> Sent: Wednesday, March 05, 2008 11:55 AM
> To: 'Kyle Meadors'; security-services@lists.oasis-open.org
> Subject: RE: [security-services] question on DSAwithSHA1 algorithm
> > The other question which arose in the last Liberty interop test was
> about
> > the signature algorithm DSAwithSHA1. Section 4.1 of SAMLConf states
> > DSAwithSHA1 is recommended but not required in SAML 2.0. However, it
> > mandated for XML signature. One participant could not support
> DSAwithSHA1
> so
> > we had to require all signatures to be with RSAwithSHA1.
> Well, just because XMLSig requires something doesn't mean SAML has to.
> means we *could* without burdening people too much, but that's about
> > Our question is one of background on this issue. Why was DSAwithSHA1
> support
> > not required in SAML despite the XMLSig mandate? And, are these
> requirements
> > still necessary going forward. Thanks.
> I have no memory of it specifically, maybe somebody else does. I
> it
> was just a general sense that requiring something without a good
> was
> a bad thing.
> -- Scott
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  You may a link to this group and all your TCs in
> at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]