OASIS Mailing List Archives

ws-sx message



Subject: [Protection Order] Property using same source for keys


PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION THREAD UNTIL
THE ISSUE IS ASSIGNED A NUMBER.

The issues coordinators will notify the list when that has occurred.

Protocol:  ws-sp
ws-securitypolicy-1.2-spec-ed-01-r03-diff.pdf

Artifact:  spec

Type: design

Title: [Protection Order] Property using same source for keys

Description:

In "EncryptBeforeSigning" the spec states that both keys MUST be derived
from the same source. What does this mean? Use the same certificate
for both actions (for example if an X509 cert is used). In that case
this seems an unnecessary restriction. At least WS Security does not
mandate this. Also using the same cert to encrypt and sign is not a
good security practice.

Related issues:
i009 Support for different key pairs for sign and encrypt in SP

Proposed Resolution:
Extend the ws-sp spec to support different key sources.

Werner Dittmann
Siemens COM MN CC BD TO
mailto:Werner.Dittmann@siemens.com
Tel:   +49(0)89 636 50265
Mobil: +49(0)172 85 85 245

