Subject: Re: Security Demo
We have a session set up with the POC and the security team on Wed at 9-11.
It would be great if TRP were there too (or at least someone to represent
them, Chris?)
Can we discuss this there? Thanks for all the details!
Maryann
SHIMAMURA Masayoshi <shima.masa@jp.fujitsu.com> on 02/11/2001 02:21:38 AM
To: ebxml-poc@lists.ebxml.org
cc: ebxml-transport@lists.ebxml.org
Subject: Security Demo
POC Members,
I believe we need more discussion of the security demo of the ebXML Message
Service. I'd like to propose that we discuss the following issues at the
Vancouver meeting.
1. What security technologies are used?
In the draft proposal of the security demo, three security
technologies were proposed.
- XML Signature
- S/MIME
- PGP/MIME
We need to decide what security technologies are used to reduce our
implementation work. In addition, there are some different versions of
the standards in S/MIME and PGP/MIME. We also need to decide what version
of each standard is used.
- S/MIME
  - version 2 (RFC 2311 - 2315, 2268)
  - version 3 (RFC 2630 - 2634, etc.)
- PGP/MIME
  - PGP (RFC 1991, 2015)
  - OpenPGP (RFC 2440)
2. What algorithms are used?
In the security technologies, several algorithms can be used (see the
following examples). We need to decide what algorithms are used for
interoperability.
- Used algorithms in XML Signature
  Algorithm Type     Algorithm                        Requirements
  ---------------------------------------------------------------
  Digest             SHA1                             Required
  Encoding           base64                           Required
  MAC                HMAC-SHA1                        Required
  Signature          DSAwithSHA1(DSS)                 Required
                     RSAwithSHA1                      Recommended
  Canonicalization   minimal                          Recommended
                     Canonical XML with Comments      Recommended
                     Canonical XML (omits comments)   Required
  Transform          XSLT                             Optional
                     XPath                            Recommended
                     Enveloped Signature              Required
- Used algorithms in S/MIME Version 3
  - Digest Algorithms
      SHA-1
      MD5
  - Signature Algorithms
      DSA
      RSA
  - Key Management Algorithms
    - Key Agreement Algorithms
        X9.42 Ephemeral-Static Diffie-Hellman
    - Key Transport Algorithms
        RSA
    - Symmetric Key-Encryption Key Algorithms
        Triple-DES Key Wrap
        RC2 Key Wrap
  - Content Encryption Algorithms
      Triple-DES CBC
      RC2 CBC
  - Message Authentication Code Algorithms
      HMAC with SHA-1
  - Triple-DES and RC2 Key Wrap Algorithms
      Key Checksum
      Triple-DES Key Wrap
      Triple-DES Key Unwrap
      RC2 Key Wrap
      RC2 Key Unwrap
- Used algorithms in OpenPGP
  - Public Key Algorithms
      ID           Algorithm
      --           ---------
      1          - RSA (Encrypt or Sign)
      2          - RSA Encrypt-Only
      3          - RSA Sign-Only
      16         - Elgamal (Encrypt-Only), see [ELGAMAL]
      17         - DSA (Digital Signature Standard)
      18         - Reserved for Elliptic Curve
      19         - Reserved for ECDSA
      20         - Elgamal (Encrypt or Sign)
      21         - Reserved for Diffie-Hellman (X9.42,
                   as defined for IETF-S/MIME)
      100 to 110 - Private/Experimental algorithm.
    Implementations MUST implement DSA for signatures, and Elgamal for
    encryption. Implementations SHOULD implement RSA keys.
    Implementations MAY implement any other algorithm.
  - Symmetric Key Algorithms
      ID           Algorithm
      --           ---------
      0          - Plaintext or unencrypted data
      1          - IDEA [IDEA]
      2          - Triple-DES (DES-EDE, as per spec -
                   168 bit key derived from 192)
      3          - CAST5 (128 bit key, as per RFC 2144)
      4          - Blowfish (128 bit key, 16 rounds) [BLOWFISH]
      5          - SAFER-SK128 (13 rounds) [SAFER]
      6          - Reserved for DES/SK
      7          - Reserved for AES with 128-bit key
      8          - Reserved for AES with 192-bit key
      9          - Reserved for AES with 256-bit key
      100 to 110 - Private/Experimental algorithm.
    Implementations MUST implement Triple-DES. Implementations SHOULD
    implement IDEA and CAST5. Implementations MAY implement any other
    algorithm.
  - Compression Algorithms
      ID           Algorithm
      --           ---------
      0          - Uncompressed
      1          - ZIP (RFC 1951)
      2          - ZLIB (RFC 1950)
      100 to 110 - Private/Experimental algorithm.
    Implementations MUST implement uncompressed data. Implementations
    SHOULD implement ZIP. Implementations MAY implement ZLIB.
  - Hash Algorithms
      ID           Algorithm                                      Text Name
      --           ---------                                      ---- ----
      1          - MD5                                            "MD5"
      2          - SHA-1                                          "SHA1"
      3          - RIPE-MD/160                                    "RIPEMD160"
      4          - Reserved for double-width SHA (experimental)
      5          - MD2                                            "MD2"
      6          - Reserved for TIGER/192                         "TIGER192"
      7          - Reserved for HAVAL (5 pass, 160-bit)           "HAVAL-5-160"
      100 to 110 - Private/Experimental algorithm.
    Implementations MUST implement SHA-1. Implementations SHOULD
    implement MD5.
3. How to test interoperability of the security technologies?
As shown above, the security technologies utilize many algorithms.
I think interoperability tests of the security technologies require a
long time. So I'd like to propose that we test interoperability of
the security technologies previously on the internet among POC
members.
Regards,
--
SHIMAMURA Masayoshi <shima.masa@jp.fujitsu.com>
TEL:+81-45-476-4590(ext.7128-4241) FAX:+81-45-476-4726(ext.7128-6783)
Planning Dep., Strategic Planning Div., Software Group, FUJITSU LIMITED