Hello,

I am working on a project where WS-Security is being proposed. Security experts have pointed to some guideline documents that mention more modern security algorithms than are recommended in the BSP and in some other Web Services-related guidelines I have seen.

Do WS-Security toolkits and vendor products these days commonly support these newer algorithms like SHA-256, so that a community can mandate them, or are most toolkits still limited to SHA-1, and would mandating SHA-256 create interoperability problems?

Kind Regards,
Pim van der Eijk
-------- Original Message --------
Hello,

My first question on this list, sorry for not having had time for this TC before.

http://docs.oasis-open.org/ws-brsp/BasicSecurityProfile/v1.1/csprd01/BasicSecurityProfile-v1.1-csprd01.html#_Toc364859639

The SHA-1 Digest algorithm is widely-implemented and interoperable hence the recommendation that it be used for signature digests.

R5420 Any DIGEST_METHOD Algorithm attribute SHOULD have the value "http://www.w3.org/2000/09/xmldsig#sha1".

While interoperable, there are concerns that SHA-1 is no longer secure. Current guidelines no longer recommend SHA-1 but instead recommend moving to SHA-256 or higher:

http://www.w3.org/TR/2013/REC-xmldsig-core1-20130411/#sec-MessageDigests
"This specification defines several possible digest algorithms for the DigestMethod element, including REQUIRED algorithm SHA-256. Use of SHA-256 is strongly recommended over SHA-1 because recent advances in cryptanalysis (see e.g. [SHA-1-Analysis]) have cast doubt on the long-term collision resistance of SHA-1. Therefore, SHA-1 support is REQUIRED in this specification only for backwards-compatibility reasons."

http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report
"SHA-1 as a hash function only for legacy applications"

http://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml
"FIPS PUB 180-4 (using SHA-256 and SHA-384)"

Shouldn't the BSP make recommendations consistent with current security recommendations?

Kind Regards,
Pim van der Eijk
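As an added example (not part of this thread, the BSP, or any toolkit), the following Python check lets a deployer see whether a WS-Security message actually meets a SHA-256 mandate by flagging the R5420 SHA-1 digest URI and its SHA-1 signature counterpart. The SOAP message is constructed with placeholder digest and signature values; the SHA-2 algorithm URIs are the standard XML Signature 1.1 / xmldsig-more identifiers, not taken from the thread.

```python
import xml.etree.ElementTree as ET
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
# Algorithm URIs from XML Signature: the #sha1 digest URI is the one BSP rule
# R5420 recommends; the SHA-2 URIs are the XML Signature 1.1 / xmldsig-more ones.
LEGACY_SHA1 = {
    "http://www.w3.org/2000/09/xmldsig#sha1",
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
}
SHA2_FAMILY = {
    "http://www.w3.org/2001/04/xmlenc#sha256",
    "http://www.w3.org/2001/04/xmldsig-more#sha384",
    "http://www.w3.org/2001/04/xmlenc#sha512",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
}

def audit_signature_algorithms(xml_text):
    """List (element, algorithm URI, verdict) for every ds:DigestMethod and
    ds:SignatureMethod; verdict is 'ok', 'legacy-sha1' or 'unknown'."""
    root = ET.fromstring(xml_text)
    findings = []
    for tag in ("DigestMethod", "SignatureMethod"):
        for el in root.iter("{%s}%s" % (DS_NS, tag)):
            alg = el.get("Algorithm", "")
            verdict = ("legacy-sha1" if alg in LEGACY_SHA1
                       else "ok" if alg in SHA2_FAMILY else "unknown")
            findings.append((tag, alg, verdict))
    return findings

def meets_sha2_mandate(xml_text):
    """True only if the message is signed and every algorithm is SHA-2 based."""
    findings = audit_signature_algorithms(xml_text)
    return bool(findings) and all(v == "ok" for _, _, v in findings)

# Constructed sample (placeholder digest/signature values): an RSA-SHA256
# signature whose Reference still uses the SHA-1 digest that R5420 recommends.
SAMPLE_SOAP = """<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <soap:Header><wsse:Security><ds:Signature><ds:SignedInfo>
  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
  <ds:Reference URI="#body">
   <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
   <ds:DigestValue>PLACEHOLDER</ds:DigestValue>
  </ds:Reference></ds:SignedInfo>
  <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
 </ds:Signature></wsse:Security></soap:Header>
 <soap:Body wsu:Id="body">ping</soap:Body></soap:Envelope>"""

if __name__ == "__main__":
    print(audit_signature_algorithms(SAMPLE_SOAP), meets_sha2_mandate(SAMPLE_SOAP))
```

A message that only upgrades SignatureMethod while leaving the Reference digest on SHA-1 still fails the mandate, which is exactly the mixed state R5420 would leave in place.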