[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [wss-dev] Support for modern security algorithms in WS-Security (resend, type)
Pim
resend, fixed typo, "now both recommendations"
XML Security 1.1 has updated algorithm information;
SHA-256 is REQUIRED in XML Signature 1.1; SHA-1 required but use is discouraged.
"Note: Use of SHA-256 is strongly recommended over SHA-1 because recent advances in cryptanalysis (see e.g. [SHA-1-Analysis],
[SHA-1-Collisions]
) have cast doubt on the long-term collision resistance of SHA-1."
XML Signature Best Practices has updated information on threats, countermeasures and algorithms that might be useful as well:
It seems WSS references XML Signature from 2002 which is 2 versions behind (2nd Edition and 1.1 are now both Recommendations and incorporate algorithm updates, security updates, clarifications see [1] ).
regards, Frederick
Frederick Hirsch, Nokia
Chair XML Security WG
and http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/explain.html for 2nd edition
On Nov 14, 2013, at 4:32 AM, ext Pim van der Eijk wrote:
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]