
ws-brsp message


Subject: Re: [ws-brsp] Current status, and BSP issue

Hello Jacques,

I would propose to indeed change the "preferred" status of SHA-1. It is not consistent with current information security guidance, which states (this is from a European agency, the content is consistent with guidelines from agencies in other geographies):

"Hash Functions: For near term use we recommend SHA-256 and for long term use SHA-512."
(Page 34 in http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report)

http://www.w3.org/TR/2013/REC-xmldsig-core1-20130411/#sec-MessageDigests writes:

"This specification defines several possible digest algorithms for the DigestMethod element, including REQUIRED algorithm SHA-256. Use of SHA-256 is strongly recommended over SHA-1 because recent advances in cryptanalysis (see e.g. [SHA-1-Analysis]) have cast doubt on the long-term collision resistance of SHA-1. Therefore, SHA-1 support is REQUIRED in this specification only for backwards-compatibility reasons."

To be consistent with the W3C XML Signature and XML Encryption recommendations, we could reference the W3C recommendation directly and replace:

9.6.1  SHA-1 Preferred
The SHA-1 Digest algorithm is widely-implemented and interoperable hence the recommendation that it be used for signature digests.
R5420 Any DIGEST_METHOD Algorithm attribute SHOULD have the value "http://www.w3.org/2000/09/xmldsig#sha1".


9.6.1  Message Digest Algorithms

R5420? Message Digests SHOULD use message digest algorithms that are consistent with recommendations in http://www.w3.org/TR/2013/REC-xmldsig-core1-20130411/#sec-MessageDigests.

In some cases, the W3C recommendation lists quite a lot of options, and we could be more specific and pick a common one:

9.7.1  Algorithms
The two algorithms listed are widely-implemented and interoperable. Two algorithms are needed, one symmetric, one asymmetric.
R5421 Any SIGNATURE_METHOD Algorithm attribute SHOULD have a value of "http://www.w3.org/2000/09/xmldsig#hmac-sha1" or "http://www.w3.org/2000/09/xmldsig#rsa-sha1".


9.7.1  Algorithms

R5421? Signatures SHOULD be computed using either http://www.w3.org/2001/04/xmldsig-more#hmac-sha256 or http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 algorithms.

Problematic are the SHA1 references in 13.2.6 and 13.2.7, since there is only a http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1 and no equivalent for SHA256.

All examples in the spec are based on SHA1 and would then need to be reviewed as well.

Kind Regards,


On 03/06/2014 09:09 PM, Jacques Durand wrote:
A stronger stance would be to – in addition – alter the “preferred” status of SHA-1 (section 9.6.1) and make it just an option at the same level as others
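As an added illustration (not part of the original message or of the profile), the following Python sketch audits the `DigestMethod` and `SignatureMethod` Algorithm attributes of a signature against the current SHA-1 values of R5420/R5421 and the SHA-256 values proposed above. The function name and the sample signature are constructed for this example, and the SHA-256 digest URI is an assumption taken from W3C XML Signature 1.1, since the message does not name one.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"

# Values preferred by the current text of R5420 and R5421 (quoted in the message).
SHA1_DIGEST = {DS + "sha1"}
SHA1_SIGNATURE = {DS + "hmac-sha1", DS + "rsa-sha1"}
# Values proposed in the message for the revised R5421.
PROPOSED_SIGNATURE = {
    "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
}
# Assumption: SHA-256 digest URI from W3C XML Signature 1.1 (not named in the message).
PROPOSED_DIGEST = {"http://www.w3.org/2001/04/xmlenc#sha256"}

def audit_signature_algorithms(xml_text):
    """Return (element, algorithm, verdict) for each SignatureMethod and DigestMethod."""
    root = ET.fromstring(xml_text)
    findings = []
    for tag, legacy, proposed in (
        ("SignatureMethod", SHA1_SIGNATURE, PROPOSED_SIGNATURE),
        ("DigestMethod", SHA1_DIGEST, PROPOSED_DIGEST),
    ):
        for el in root.iter("{%s}%s" % (DS, tag)):
            alg = el.get("Algorithm", "")
            if alg in legacy:
                verdict = "sha1"      # matches the old "preferred" values
            elif alg in proposed:
                verdict = "ok"        # matches the proposed SHA-256 values
            else:
                verdict = "review"    # anything else needs a manual decision
            findings.append((tag, alg, verdict))
    return findings

# Constructed, trimmed sample: one SHA-1 signature method, one SHA-1 and one SHA-256 digest.
SAMPLE = """<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <ds:Reference URI="#body">
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    </ds:Reference>
    <ds:Reference URI="#timestamp">
      <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    </ds:Reference>
  </ds:SignedInfo>
</ds:Signature>"""

if __name__ == "__main__":
    for tag, alg, verdict in audit_signature_algorithms(SAMPLE):
        print("%-16s %-8s %s" % (tag, verdict, alg))
```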


