OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-transport message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Security Demo


POC Members, 

I believe we need more discussion for security demo of the ebXML Message
Service. I'd like to propose that we discuss following issues in
Vancouver meeting.


1. What security technologies are used?
  In the draft proposal of the security demo, three security
  technologies were proposed.
    - XML Signature
    - S/MIME
    - PGP/MIME

  We need to decide what security technologies are used to reduce our
  implementation work. In addition, there are some different version of
  standard in S/MIME and PGP/MIME. We also need to decide what version
  of standard is used.
    - S/MIME
        - version 2 (RFC 2311 - 2315, 2268)
        - version 3 (RFC 2630 - 2634,  etc.)
    - PGP/MIME
        - PGP (RFC 1991, 2015)
        - OpenPGP (RFC 2440)


2. What algorithms are used?
  In the security technologies, several algorithms can be used (see
  following examples). We need to decide what algorithms are used for
  interoperability.

  - Used algorithms in XML Signature
    Algorithm Type    Algorithm                      Requirements
    ---------------------------------------------------------------
    Digest            SHA1                           Required
    Encoding          base64                         Required
    MAC               HMAC-SHA1                      Required
    Signature         DSAwithSHA1(DSS)               Required
                      RSAwithSHA1                    Recommended
    Canonicalization  minimal                        Recommended
                      Canonical XML with Comments    Recommended
                      Canonical XML (omits comments) Required
    Transform         XSLT                           Optional
                      XPath                          Recommended
                      Enveloped Signature            Required

  - Used algorithms in S/MIME Version 3
      - Digest Algorithms
          SHA-1
          MD5
      - Signature Algorithms
          DSA
          RSA
      - Key Management Algorithms
          - Key Agreement Algorithms
              X9.42 Ephemeral-Static Diffie-Hellman
          - Key Transport Algorithms
              RSA
          - Symmetric Key-Encryption Key Algorithms
              Triple-DES Key Wrap
              RC2 Key Wrap
      - Content Encryption Algorithms
          Triple-DES CBC
          RC2 CBC
      - Message Authentication Code Algorithms
          HMAC with SHA-1
      - Triple-DES and RC2 Key Wrap Algorithms
          Key Checksum
          Triple-DES Key Wrap
          Triple-DES Key Unwrap
          RC2 Key Wrap
          RC2 Key Unwrap

  - Used algorithms in OpenPGP
    - Public Key Algorithms
       ID           Algorithm
       --           ---------
       1          - RSA (Encrypt or Sign)
       2          - RSA Encrypt-Only
       3          - RSA Sign-Only
       16         - Elgamal (Encrypt-Only), see [ELGAMAL]
       17         - DSA (Digital Signature Standard)
       18         - Reserved for Elliptic Curve
       19         - Reserved for ECDSA
       20         - Elgamal (Encrypt or Sign)
       21         - Reserved for Diffie-Hellman (X9.42,
                    as defined for IETF-S/MIME)
       100 to 110 - Private/Experimental algorithm.

       Implementations MUST implement DSA for signatures, and Elgamal for
       encryption. Implementations SHOULD implement RSA keys.
       Implementations MAY implement any other algorithm.

    - Symmetric Key Algorithms
       ID           Algorithm
       --           ---------
       0          - Plaintext or unencrypted data
       1          - IDEA [IDEA]
       2          - Triple-DES (DES-EDE, as per spec -
                    168 bit key derived from 192)
       3          - CAST5 (128 bit key, as per RFC 2144)
       4          - Blowfish (128 bit key, 16 rounds) [BLOWFISH]
       5          - SAFER-SK128 (13 rounds) [SAFER]
       6          - Reserved for DES/SK
       7          - Reserved for AES with 128-bit key
       8          - Reserved for AES with 192-bit key
       9          - Reserved for AES with 256-bit key
       100 to 110 - Private/Experimental algorithm.

       Implementations MUST implement Triple-DES. Implementations SHOULD
       implement IDEA and CAST5.Implementations MAY implement any other
       algorithm.

    - Compression Algorithms
       ID           Algorithm
       --           ---------
       0          - Uncompressed
       1          - ZIP (RFC 1951)
       2          - ZLIB (RFC 1950)
       100 to 110 - Private/Experimental algorithm.

       Implementations MUST implement uncompressed data. Implementations
       SHOULD implement ZIP. Implementations MAY implement ZLIB.

    - Hash Algorithms
       ID           Algorithm                              Text Name
       --           ---------                              ---- ----
       1          - MD5                                    "MD5"
       2          - SHA-1                                  "SHA1"
       3          - RIPE-MD/160                            "RIPEMD160"
       4          - Reserved for double-width SHA (experimental)
       5          - MD2                                    "MD2"
       6          - Reserved for TIGER/192                 "TIGER192"
       7          - Reserved for HAVAL (5 pass, 160-bit)   "HAVAL-5-160"
       100 to 110 - Private/Experimental algorithm.

       Implementations MUST implement SHA-1. Implementations SHOULD
       implement MD5.


3. How to test interoperability of the security technologies?
    As showed above, the security technologies utilize many algorithms.
    I think interoperability test of the security technologies require
    long time. So I'd like to propose that we test interoperability of
    the security technologies previously on the internet among POC
    members.


Regards, 

--
SHIMAMURA Masayoshi <shima.masa@jp.fujitsu.com>
TEL:+81-45-476-4590(ext.7128-4241)  FAX:+81-45-476-4726(ext.7128-6783)
Planning Dep., Strategic Planning Div., Software Group, FUJITSU LIMITED



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Search: Match: Sort by:
Words: | Help


Powered by eList eXpress LLC