

Subject: Re: [ws-sx] Issue 014: Is the key agreement algorithm proposed in WS-Trust sound?


OK, but what should it be?

Can I have entropy of 2 bits and a key size of 500 bits? What is the
minimum size recommended for entropy?

You get my drift.

- prateek

> The key size can be set through the AlgorithmSuite assertion in 
> SecurityPolicy.
>
> Jiandong
>
> Marc Goodner wrote:
>
>> Assigned issue number 014.
>>
>> Marc Goodner
>> Technical Diplomat
>> Microsoft Corporation
>> Tel: (425) 703-1903
>> Blog: http://spaces.msn.com/members/mrgoodner/
>> -----Original Message-----
>> From: Prateek Mishra [mailto:prateek.mishra@oracle.com]
>> Sent: Tuesday, January 24, 2006 2:35 PM
>> To: ws-sx@lists.oasis-open.org
>> Subject: [ws-sx] New Issue: Is the key agreement algorithm proposed in
>> WS-Trust sound?
>>
>> Protocol: ws-trust
>>
>> Artifact: spec
>>
>> Type: design
>>
>> Title: Is the key agreement algorithm proposed in WS-Trust sound?
>>
>> Description:
>>
>> Section 6.2.4 proposes the use of P_SHA-1 algorithm taken from rfc 
>> 2246 (TLS 1.0) for implementing a key agreement protocol.
>> However, key agreement in rfc 2246 involves a somewhat different 
>> construction which uses P_SHA-1 only as a sub-component.
>>
>> (1) Is there an analysis or other material available to support the 
>> use of P_SHA-1 as proposed in WS-Trust?
>>
>> (2) P_SHA-1 is an iterative method that could theoretically generate 
>> keying material of unbounded size. It would seem that there would
>> need to be some constraints on the sizes of Ent(req), Ent(resp) and 
>> the computed key. For example, would Ent(req) and Ent(resp) be
>> required to be at least 160 bits? And, if so, what then would be the 
>> recommended size of the computed key?
>>
>>
>> Related issues:
>>
>> Proposed Resolution:
>>
>> I don't have one. I am seeking further information from the editors of 
>> the current specification draft.
>>
>
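
Added example (not part of the original thread, and not code from the WS-Trust specification): the P_SHA-1 expansion from RFC 2246 section 5, used to count how many distinct keys can come out when each side supplies only a few bits of entropy, as in the "2 bits of entropy, 500-bit key" question above. Assumptions made here: Ent(req) is passed as the secret and Ent(resp) as the seed, each low-entropy value is encoded as a single byte, and a 500-bit key is rounded up to 63 bytes.

```python
import hashlib
import hmac
from itertools import product


def p_sha1(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA-1 (RFC 2246, section 5): expand (secret, seed) to `length` bytes."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        # A(i) = HMAC_SHA1(secret, A(i-1))
        a = hmac.new(secret, a, hashlib.sha1).digest()
        # output block i = HMAC_SHA1(secret, A(i) + seed)
        out += hmac.new(secret, a + seed, hashlib.sha1).digest()
    return out[:length]


def distinct_keys(entropy_bits: int, key_bytes: int) -> int:
    """Count the distinct keys derivable when Ent(req) and Ent(resp) each
    take one of 2**entropy_bits values.

    Assumption (constructed encoding): each value is one byte, so
    entropy_bits must be <= 8.
    """
    if not 0 <= entropy_bits <= 8:
        raise ValueError("this demo encodes each entropy value in one byte")
    values = [bytes([v]) for v in range(2 ** entropy_bits)]
    keys = {
        p_sha1(ent_req, ent_resp, key_bytes)
        for ent_req, ent_resp in product(values, values)
    }
    return len(keys)


if __name__ == "__main__":
    key_bytes = 63  # 500 bits rounded up to whole bytes (assumption)
    for bits in (1, 2, 4):
        n = distinct_keys(bits, key_bytes)
        # The key is 504 bits long, but only n values are ever produced.
        print(f"{bits} bits per side -> {n} possible {key_bytes * 8}-bit keys")
```

The output length is a parameter of the expansion only; the number of reachable keys is bounded by the combined input entropy, which is why a minimum size for Ent(req) and Ent(resp) has to be stated separately from the key size.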



