[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] question on DSAwithSHA1 algorithm
There has never been much interest in DSA outside of the US Federal Gov. DSA was originally developed in the days of US crypto export control. DSA (which is an El Gamal variant) was intended as a scheme which can be used for signature and not encryption. (I believe somebody figured out how to overcome this, but the point is now moot anyway.) It was also developed at a time when the RSA patent was still in force. Since both these conditions have changed, the only people using DSA today are those required by some standard or regulation. The inability to (easily) use the same key for encryption and signature is often seen as a disadvantage of using DSA as compared to RSA.

In 2004, for SAML 2.0 we pretty much chose the algorithms we thought people would be most likely to want. (I see that we did not specify anything except "use Dsig" in 1.0 and 1.1.)

However, in recent years the attacks on the collision properties of SHA1 (and MD5) have made people nervous enough that NIST is now recommending that SHA1 be phased out by 2010 in favor of SHA-224, SHA-256, SHA-384 and SHA-512.

http://csrc.nist.gov/groups/ST/toolkit/documents/shs/hash_standards_comments.pdf

I believe that they intend to hold an international competition on the model of the AES selection process to select wholly new types of hash algorithms which will be free of the types of attacks on MD1, SHA1, etc. What is really needed is a better theoretical understanding of hash functions, which is nowhere near as developed as that for symmetric and asymmetric encryption.

The W3C is now in the process of chartering a new WG to make significant revisions, if necessary, to XML Signature, XML Encryption and related algorithms, e.g. C14N.

http://www.w3.org/2007/xmlsec/wiki/charter

This should get underway in May. The extent of changes this WG will make is unknown, but I am confident that the list of mandatory to implement algorithms will change.
The WG is chartered for 2 years, and of course it will take some time for changes to become available in products. I strongly encourage anyone who is interested in this work to join the W3C WG.

Hal

> -----Original Message-----
> From: Scott Cantor [mailto:cantor.2@osu.edu]
> Sent: Wednesday, March 05, 2008 11:55 AM
> To: 'Kyle Meadors'; security-services@lists.oasis-open.org
> Subject: RE: [security-services] question on DSAwithSHA1 algorithm
>
> > The other question which arose in the last Liberty interop test was about
> > the signature algorithm DSAwithSHA1. Section 4.1 of SAMLConf states that
> > DSAwithSHA1 is recommended but not required in SAML 2.0. However, it is
> > mandated for XML signature. One participant could not support DSAwithSHA1 so
> > we had to require all signatures to be with RSAwithSHA1.
>
> Well, just because XMLSig requires something doesn't mean SAML has to. It
> means we *could* without burdening people too much, but that's about it.
>
> > Our question is one of background on this issue. Why was DSAwithSHA1 support
> > not required in SAML despite the XMLSig mandate? And, are these requirements
> > still necessary going forward. Thanks.
>
> I have no memory of it specifically, maybe somebody else does. I suspect it
> was just a general sense that requiring something without a good reason was
> a bad thing.
>
> -- Scott
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail. You may find a link to this group and all your TCs in
> OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
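The thread turns on which XML Signature algorithm identifiers a SAML deployment should accept: DSAwithSHA1 (required by XMLSig 1.0 but only recommended by SAML 2.0) and, more generally, anything built on SHA1 once the NIST phase-out takes effect. The following is an added example, not code from the TC or from anyone on this list. It reads the ds:SignedInfo of a signature and checks the declared SignatureMethod and DigestMethod URIs against a local policy; the policy table (SHA1-based methods deprecated, SHA-2 methods accepted, anything else unknown) and the two sample signatures are assumptions constructed for the illustration. It is only an algorithm-policy gate, to be run before or alongside real cryptographic verification, never instead of it.

```python
"""Audit the algorithms declared in an XML Signature (as used on SAML 2.0
assertions) against a local acceptance policy.

Added illustration, not code from the OASIS SSTC.  The policy tables and
sample signatures below are constructed for this example."""
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

# XML Signature 1.0 / RFC 4051 identifiers -> (common name, policy status).
# Assumed policy: SHA1-based methods are "deprecated", SHA-2 methods "ok";
# any URI not listed is reported as "unknown" and rejected.
SIGNATURE_POLICY = {
    "http://www.w3.org/2000/09/xmldsig#dsa-sha1": ("DSAwithSHA1", "deprecated"),
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1": ("RSAwithSHA1", "deprecated"),
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256": ("RSAwithSHA256", "ok"),
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384": ("RSAwithSHA384", "ok"),
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512": ("RSAwithSHA512", "ok"),
}
DIGEST_POLICY = {
    "http://www.w3.org/2000/09/xmldsig#sha1": ("SHA1", "deprecated"),
    "http://www.w3.org/2001/04/xmlenc#sha256": ("SHA256", "ok"),
    "http://www.w3.org/2001/04/xmldsig-more#sha384": ("SHA384", "ok"),
    "http://www.w3.org/2001/04/xmlenc#sha512": ("SHA512", "ok"),
}


def classify(table, uri):
    """Look an Algorithm URI up in a policy table; unlisted URIs are unknown."""
    name, status = table.get(uri, (uri, "unknown"))
    return {"algorithm": uri, "name": name, "status": status}


def audit_signature(xml_text):
    """Return the policy verdict for every algorithm declared in ds:SignedInfo.

    Raises ValueError if the document carries no usable SignedInfo.  The
    result's "accept" flag is True only when the signature method and every
    reference digest are "ok" and at least one reference is present."""
    root = ET.fromstring(xml_text)
    signed_info = root if root.tag == DS + "SignedInfo" else root.find(".//" + DS + "SignedInfo")
    if signed_info is None:
        raise ValueError("no ds:SignedInfo found")
    sig_method = signed_info.find(DS + "SignatureMethod")
    if sig_method is None:
        raise ValueError("ds:SignedInfo without ds:SignatureMethod")

    result = {
        "signature": classify(SIGNATURE_POLICY, sig_method.get("Algorithm", "")),
        "digests": [classify(DIGEST_POLICY, d.get("Algorithm", ""))
                    for d in signed_info.iter(DS + "DigestMethod")],
    }
    statuses = [result["signature"]["status"]] + [d["status"] for d in result["digests"]]
    result["accept"] = bool(result["digests"]) and all(s == "ok" for s in statuses)
    return result


# Constructed sample: the XMLSig-1.0-mandatory combination that tripped the
# interop test.  DigestValue/SignatureValue contents are placeholders; this
# audit never looks at them.
LEGACY_SIGNATURE = """<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
    <ds:Reference URI="#_assertion1">
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <ds:DigestValue>AAAA</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue>AAAA</ds:SignatureValue>
</ds:Signature>"""

# Constructed sample: a SHA-2 based signature the policy accepts.
MODERN_SIGNATURE = """<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <ds:Reference URI="#_assertion1">
      <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
      <ds:DigestValue>AAAA</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue>AAAA</ds:SignatureValue>
</ds:Signature>"""


if __name__ == "__main__":
    for label, doc in (("legacy", LEGACY_SIGNATURE), ("modern", MODERN_SIGNATURE)):
        verdict = audit_signature(doc)
        print(label, "accept" if verdict["accept"] else "reject",
              verdict["signature"]["name"],
              [d["name"] + ":" + d["status"] for d in verdict["digests"]])
```

Unlisted URIs are deliberately rejected rather than tolerated: a verifier that falls through to "whatever the signer asked for" is exactly how an interop-driven exception (such as the RSAwithSHA1 fallback described in the thread) becomes permanent. The policy tables are the one place to edit when the W3C WG's revised mandatory-to-implement list lands.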