
wss-dev message



Subject: Support for modern security algorithms in WS-Security




Hello,

I am working on a project where WS-Security is being proposed. Security experts have pointed to some guideline documents that mention more modern security algorithms than are recommended in the BSP and in some other Web Services-related guidelines I have seen.

Do WS-Security toolkits and vendor products these days commonly support these newer algorithms like SHA-256, so can a community therefore mandate them, or are most toolkits still limited to SHA-1 and would mandating SHA-256 create interoperability problems?

Kind Regards,

Pim van der Eijk


-------- Original Message --------
Subject: [ws-brsp] BSP: SHA1 Preferred ?
Date: Wed, 13 Nov 2013 19:14:18 +0100
From: Pim van der Eijk <pvde@sonnenglanz.net>
To: ws-brsp@lists.oasis-open.org



Hello,

My first question on this list, sorry for not having had time for this TC before.

http://docs.oasis-open.org/ws-brsp/BasicSecurityProfile/v1.1/csprd01/BasicSecurityProfile-v1.1-csprd01.html#_Toc364859639

9.6.1  SHA-1 Preferred

The SHA-1 Digest algorithm is widely-implemented and interoperable hence the recommendation that it be used for signature digests.

R5420 Any DIGEST_METHOD Algorithm attribute SHOULD have the value "http://www.w3.org/2000/09/xmldsig#sha1".


While interoperable, there are concerns that SHA-1 is no longer secure. Current guidelines no longer recommend SHA-1 but instead recommend moving to SHA-256 or higher:

http://www.w3.org/TR/2013/REC-xmldsig-core1-20130411/#sec-MessageDigests
"This specification defines several possible digest algorithms for the DigestMethod element, including REQUIRED algorithm SHA-256. Use of SHA-256 is strongly recommended over SHA-1 because recent advances in cryptanalysis (see e.g. [SHA-1-Analysis]) have cast doubt on the long-term collision resistance of SHA-1. Therefore, SHA-1 support is REQUIRED in this specification only for backwards-compatibility reasons."

http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report 
"SHA-1 as a hash function only for legacy applications"

http://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml  
"FIPS PUB 180-4 (using SHA-256 and SHA-384)"

Shouldn't the BSP make recommendations consistent with current security recommendations?

Kind Regards,

Pim van der Eijk
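
Added example, not part of the original messages: a community that wants to mandate SHA-256 can measure what partners actually send by auditing the algorithm URIs in signed messages. The sketch below goes beyond the `DigestMethod` value named in R5420 and also checks `SignatureMethod`; the function names, the allow-list and the sample envelope are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
# SHA-1 based algorithm URIs; DS + "sha1" is the value R5420 recommends.
SHA1 = {DS + "sha1", DS + "rsa-sha1", DS + "dsa-sha1", DS + "hmac-sha1"}
# Example allow-list of SHA-2 URIs (an assumption; extend it to match local policy).
SHA2 = {
    "http://www.w3.org/2001/04/xmlenc#sha256",
    "http://www.w3.org/2001/04/xmldsig-more#sha384",
    "http://www.w3.org/2001/04/xmlenc#sha512",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
}
# Constructed sample: one signature whose two references use different digests.
SAMPLE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <soap:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <ds:Signature><ds:SignedInfo>
   <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
   <ds:Reference URI="#body">
    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference>
   <ds:Reference URI="#timestamp">
    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    <ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference>
  </ds:SignedInfo><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
 </wsse:Security></soap:Header><soap:Body/></soap:Envelope>"""

def classify(uri):
    if uri is None:
        return "missing"
    return "sha1" if uri in SHA1 else "sha2" if uri in SHA2 else "unlisted"

def audit(xml_text):
    """Return (element, reference URI or None, algorithm URI, class) per algorithm use."""
    findings = []
    for info in ET.fromstring(xml_text).iter(f"{{{DS}}}SignedInfo"):
        sm = info.find(f"{{{DS}}}SignatureMethod")
        alg = sm.get("Algorithm") if sm is not None else None
        findings.append(("SignatureMethod", None, alg, classify(alg)))
        for ref in info.findall(f"{{{DS}}}Reference"):
            dm = ref.find(f"{{{DS}}}DigestMethod")
            alg = dm.get("Algorithm") if dm is not None else None
            findings.append(("DigestMethod", ref.get("URI"), alg, classify(alg)))
    return findings

def policy_violations(xml_text):
    """Findings a SHA-2-only policy would reject (SHA-1, missing or unlisted)."""
    return [f for f in audit(xml_text) if f[3] != "sha2"]
```

Run over a sample of captured traffic from each partner, the violation list shows which toolkits would break under a SHA-256 mandate before it is enforced.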











