
ws-brsp message



Subject: Re: [ws-brsp] Current status, and BSP issue



Hello Jacques,

I would propose to indeed change the "preferred" status of SHA-1. It is not consistent with current information security guidance, which states (this is from a European agency, the content is consistent with guidelines from agencies in other geographies):

"Hash Functions: For near term use we recommend SHA-256 and for long term use SHA-512."
(Page 34 in http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report)

http://www.w3.org/TR/2013/REC-xmldsig-core1-20130411/#sec-MessageDigests writes:

"This specification defines several possible digest algorithms for the DigestMethod element, including REQUIRED algorithm SHA-256. Use of SHA-256 is strongly recommended over SHA-1 because recent advances in cryptanalysis (see e.g. [SHA-1-Analysis]) have cast doubt on the long-term collision resistance of SHA-1. Therefore, SHA-1 support is REQUIRED in this specification only for backwards-compatibility reasons."

To be consistent with the W3C XML Signature and XML Encryption recommendations, we could reference the W3C recommendation directly and replace:

9.6.1  SHA-1 Preferred
The SHA-1 Digest algorithm is widely-implemented and interoperable hence the recommendation that it be used for signature digests.
R5420 Any DIGEST_METHOD Algorithm attribute SHOULD have the value "http://www.w3.org/2000/09/xmldsig#sha1".

By:

9.6.1  Message Digest Algorithms

R5420? Message Digests SHOULD use message digest algorithms that are consistent with recommendations in http://www.w3.org/TR/2013/REC-xmldsig-core1-20130411/#sec-MessageDigests.

In some cases, the W3C recommendation lists quite a lot of options, and we could be more specific and pick a common one:

9.7.1  Algorithms
The two algorithms listed are widely-implemented and interoperable. Two algorithms are needed, one symmetric, one asymmetric.
R5421 Any SIGNATURE_METHOD Algorithm attribute SHOULD have a value of "http://www.w3.org/2000/09/xmldsig#hmac-sha1" or "http://www.w3.org/2000/09/xmldsig#rsa-sha1".

By:

9.7.1  Algorithms

R5421? Signatures SHOULD be computed using either http://www.w3.org/2001/04/xmldsig-more#hmac-sha256 or http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 algorithms.

Problematic are the SHA1 references in 13.2.6 and 13.2.7, since there is only a http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1 and no equivalent for SHA256.

All examples in the spec are based on SHA1 and would then need to be reviewed as well.

Kind Regards,

Pim



On 03/06/2014 09:09 PM, Jacques Durand wrote:
A stronger stance would be to – in addition - alter the “preferred” status of SHA-1 (section 9.6.1) and make it just an option at same level as others

Opinion?

-jacques
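
Added example, not part of the original message or of the Basic Security Profile: a Python check that reports where a signed message still carries the SHA-1 digest value from the current R5420 or a signature method outside the pair named in the proposed R5421. The function name `audit_algorithms`, the constructed sample signature, and the XML Encryption SHA-256 digest URI used in that sample are assumptions of this example.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SHA1_DIGEST = DS + "sha1"  # value the current R5420 prefers
PROPOSED_SIG = {           # values named in the proposed R5421 text
    "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
}

# Constructed sample: one SHA-1 signature method, one SHA-1 digest,
# one SHA-256 digest (URI from XML Encryption, not from the message above).
SAMPLE = """<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <ds:SignedInfo>
  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference URI="#body">
   <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
  </ds:Reference>
  <ds:Reference URI="#ts">
   <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
  </ds:Reference>
 </ds:SignedInfo>
</ds:Signature>"""


def audit_algorithms(xml_text):
    """Return (element, algorithm, finding) tuples in document order."""
    findings = []
    # Constructed input only; parse untrusted messages with a hardened
    # parser (for example defusedxml) instead of the stdlib one.
    root = ET.fromstring(xml_text)
    for el in root.iter():
        alg = el.get("Algorithm", "")
        if el.tag == f"{{{DS}}}DigestMethod" and alg == SHA1_DIGEST:
            findings.append(("DigestMethod", alg, "SHA-1 digest"))
        elif el.tag == f"{{{DS}}}SignatureMethod" and alg not in PROPOSED_SIG:
            findings.append(("SignatureMethod", alg, "not in proposed R5421"))
    return findings


if __name__ == "__main__":
    for element, alg, finding in audit_algorithms(SAMPLE):
        print(f"{element}: {alg} ({finding})")
```
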

