Subject: Re: [ws-sx] Issue 014: Is the key agreement algorithm proposed inWS-Trust sound?
OK, but what should it be? Can I have entropy of 2 bits and a key size of 500 bits? What is the minimum size recommended for entropy? You get my drift. - prateek > The key size can be set through the AlgorithmSuite assertion in > SecurityPolicy. > > Jiandong > > Marc Goodner wrote: > >> Assigned issue number 014. >> >> Marc Goodner >> Technical Diplomat >> Microsoft Corporation >> Tel: (425) 703-1903 >> Blog: http://spaces.msn.com/members/mrgoodner/ >> -----Original Message----- >> From: Prateek Mishra [mailto:firstname.lastname@example.org] Sent: >> Tuesday, January 24, 2006 2:35 PM >> To: email@example.com >> Subject: [ws-sx] New Issue: Is the key agreement algorithm proposed in >> WS-Trust sound? >> >> Protocol: ws-trust >> >> >> <>Artifact: spec >> >> >> >> Type: >> >> design >> >> >> >> Title: >> >> Is the key agreement algorithm proposed in WS-Trust sound? >> >> >> >> Description: >> >> <> Section 6.2.4 proposes the use of P_SHA-1 algorithm taken from rfc >> 2246 (TLS 1.0) for implementing a key agreement protocol. >> However, key agreement in rfc 2246 involves a somewhat different >> construction which uses P_SHA-1 only as a sub-component. >> >> (1) Is there an analysis or other material available to support the >> use of P_SHA-1 as proposed in WS-Trust? >> >> (2) P_SHA-1 is an iterative method that could theoretically generate >> keying material of unbounded size. It would seem that there would >> need to be some constraints on the sizes of Ent(req), Ent(resp) and >> the computed key. For example, would Ent(req) and Ent(resp) be >> required to be at least 160 bits? And, if so, what then would be the >> recommended size of the computed key? >> >> >> >> >> >> Related issues: >> >> >> >> >> Proposed Resolution: >> >> I dont have one. I am seeking further information from the editors of >> the current specification draft. >> >