Subject: Issue 233: Proposed text for Security Considerations section of core document
- From: Paula K Austel <pka@us.ibm.com>
- To: <wss@lists.oasis-open.org>
- Date: Thu, 13 Nov 2003 10:11:45 -0500
Here is an IBM proposal for replacement text for Section 13 - Security Considerations.
As stated in the Goals and Requirements section of this document, this specification is meant to provide an extensible framework and flexible syntax, with which one could implement various security mechanisms. This framework and syntax by itself does not provide any guarantee of security. When implementing and using this framework and syntax, one must make every effort to ensure that the result is not vulnerable to any one of a wide range of attacks.
It is not feasible to provide a comprehensive list of security considerations for such an extensible set of mechanisms. A complete security analysis MUST be conducted on specific solutions based on this specification. Below we illustrate some of the security concerns that often come up with protocols of this type, but we stress that this is not an exhaustive list of concerns.
- freshness guarantee (e.g., the danger of replay, delayed messages and the danger of relying on timestamps assuming secure clock synchronization)
- proper use of digital signature and encryption (signing/encrypting critical parts of the message, interactions between signatures and encryption, i.e., signatures on (content of) encrypted messages leak information when in plain-text)
- protection of security tokens (integrity)
- certificate verification (including revocation issues)
- the danger of using passwords without utmost protection (i.e. dictionary attacks against passwords, replay, insecurity of password derived keys, ...)
- the use of randomness (or strong pseudo-randomness)
- interaction between the security mechanisms implementing this standard and other system components
- man-in-the-middle attacks
- PKI attacks (i.e. identity mix-ups)
There are many other security concerns that one may need to consider in security protocols. The list above should not be used as a "check list" instead of a comprehensive security analysis.
----------------------------------------------------------
Paula K. Austel
Web Services Security
IBM T.J. Watson Research Center
(914)784-5025
Tieline 863-5025