[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: Issue ER017: Conflict Nonce reuse description in the currentWS-SC 1.3
On the last call it was discussed if this was just an editorial mistake, e.g. the text at 889 is supposed to say SHOULD NOT instead of SHOULD. There was a question if this was actually intentional for cryptographic reasons. Jan and I have looked into this some more and are convinced it is an editorial mistake, there are not any cryptographic reasons that the nonce should be reused. -----Original Message----- From: Marc Goodner [mailto:mgoodner@microsoft.com] Sent: Wednesday, November 28, 2007 6:53 AM To: Hyen V Chung; ws-sx@lists.oasis-open.org Subject: [ws-sx] Issue ER017: Conflict Nonce reuse description in the current WS-SC 1.3 Issue ER017 -----Original Message----- From: Hyen V Chung [mailto:hychung@us.ibm.com] Sent: Monday, November 19, 2007 9:35 AM To: ws-sx@lists.oasis-open.org Cc: Marc Goodner Subject: NEW Issue: Conflict Nonce reuse description in the current WS-SC 1.3 PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSISON THREAD UNTIL THE ISSUE IS ASSIGNED A NUMBER. The issues coordinators will notify the list when that has occurred. Protocol: ws-sc WS-SecureConversation 1.3 OASIS Standard 1 March 2007 ( http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/ws-secureconversation-1.3-os.pdf ) Artifact: spec Type: design Title: Conflict Nonce reuse description found in the 1.3 specification Description: Line 796 - 799: It stated that nonce is not recommended to be reused. The policy presents a method for specifying this information. 796 The RECOMMENDED approach is to use separate nonces and have independently generated keys for 797 signing and encrypting in each direction. Furthermore, it is RECOMMENDED that new keys be derived 798 for each message (i.e., previous nonces are not re-used). Where as in Line 886 - 890: It stated that the same nonce should be used for subsequent derivation. 886 If specified, this optional element specifies a base64 encoded nonce that is used in the key 887 derivation function for this derived key. If this isn't specified, it is assumed that the recipient 888 knows the nonce to use. Note that once a nonce is used for a derivation sequence, the same 889 nonce SHOULD be used for all subsequent derivations. Related issues: Proposed Resolution: Thanks, Henry --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. You may a link to this group and all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]