Subject: New Issue: Is the key agreement algorithm proposed in WS-Trust sound?
Protocol: ws-trust <>Artifact: spec Type: design Title: Is the key agreement algorithm proposed in WS-Trust sound? Description: <> Section 6.2.4 proposes the use of P_SHA-1 algorithm taken from rfc 2246 (TLS 1.0) for implementing a key agreement protocol. However, key agreement in rfc 2246 involves a somewhat different construction which uses P_SHA-1 only as a sub-component. (1) Is there an analysis or other material available to support the use of P_SHA-1 as proposed in WS-Trust? (2) P_SHA-1 is an iterative method that could theoretically generate keying material of unbounded size. It would seem that there would need to be some constraints on the sizes of Ent(req), Ent(resp) and the computed key. For example, would Ent(req) and Ent(resp) be required to be at least 160 bits? And, if so, what then would be the recommended size of the computed key? Related issues: Proposed Resolution: I dont have one. I am seeking further information from the editors of the current specification draft.