OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-transport message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Re: Security Demo


POC Members, 

I think the POC Team still does not discuss detail of security demo for
Vienna. As I pointed out, we need to decide many items for the demo (see
attached). I'd like to propose that the POC Team begins discussion about
security demo as soon as possible.

Regards, 

--
SHIMAMURA Masayoshi <shima.masa@jp.fujitsu.com>
TEL:+81-45-476-4590(ext.7128-4241)  FAX:+81-45-476-4726(ext.7128-6783)
Planning Dep., Strategic Planning Div., Software Group, FUJITSU LIMITED


> Date: Sun, 11 Feb 2001 16:21:38 +0900
> From: SHIMAMURA Masayoshi <shima.masa@jp.fujitsu.com>
> Subject: Security Demo
> To: ebxml-poc@lists.ebxml.org
> Cc: ebxml-transport@lists.ebxml.org
> 
> POC Members, 
> 
> I believe we need more discussion for security demo of the ebXML Message
> Service. I'd like to propose that we discuss following issues in
> Vancouver meeting.
> 
> 
> 1. What security technologies are used?
>   In the draft proposal of the security demo, three security
>   technologies were proposed.
>     - XML Signature
>     - S/MIME
>     - PGP/MIME
> 
>   We need to decide what security technologies are used to reduce our
>   implementation work. In addition, there are some different version of
>   standard in S/MIME and PGP/MIME. We also need to decide what version
>   of standard is used.
>     - S/MIME
>         - version 2 (RFC 2311 - 2315, 2268)
>         - version 3 (RFC 2630 - 2634,  etc.)
>     - PGP/MIME
>         - PGP (RFC 1991, 2015)
>         - OpenPGP (RFC 2440)
> 
> 
> 2. What algorithms are used?
>   In the security technologies, several algorithms can be used (see
>   following examples). We need to decide what algorithms are used for
>   interoperability.
> 
>   - Used algorithms in XML Signature
>     Algorithm Type    Algorithm                      Requirements
>     ---------------------------------------------------------------
>     Digest            SHA1                           Required
>     Encoding          base64                         Required
>     MAC               HMAC-SHA1                      Required
>     Signature         DSAwithSHA1(DSS)               Required
>                       RSAwithSHA1                    Recommended
>     Canonicalization  minimal                        Recommended
>                       Canonical XML with Comments    Recommended
>                       Canonical XML (omits comments) Required
>     Transform         XSLT                           Optional
>                       XPath                          Recommended
>                       Enveloped Signature            Required
> 
>   - Used algorithms in S/MIME Version 3
>       - Digest Algorithms
>           SHA-1
>           MD5
>       - Signature Algorithms
>           DSA
>           RSA
>       - Key Management Algorithms
>           - Key Agreement Algorithms
>               X9.42 Ephemeral-Static Diffie-Hellman
>           - Key Transport Algorithms
>               RSA
>           - Symmetric Key-Encryption Key Algorithms
>               Triple-DES Key Wrap
>               RC2 Key Wrap
>       - Content Encryption Algorithms
>           Triple-DES CBC
>           RC2 CBC
>       - Message Authentication Code Algorithms
>           HMAC with SHA-1
>       - Triple-DES and RC2 Key Wrap Algorithms
>           Key Checksum
>           Triple-DES Key Wrap
>           Triple-DES Key Unwrap
>           RC2 Key Wrap
>           RC2 Key Unwrap
> 
>   - Used algorithms in OpenPGP
>     - Public Key Algorithms
>        ID           Algorithm
>        --           ---------
>        1          - RSA (Encrypt or Sign)
>        2          - RSA Encrypt-Only
>        3          - RSA Sign-Only
>        16         - Elgamal (Encrypt-Only), see [ELGAMAL]
>        17         - DSA (Digital Signature Standard)
>        18         - Reserved for Elliptic Curve
>        19         - Reserved for ECDSA
>        20         - Elgamal (Encrypt or Sign)
>        21         - Reserved for Diffie-Hellman (X9.42,
>                     as defined for IETF-S/MIME)
>        100 to 110 - Private/Experimental algorithm.
> 
>        Implementations MUST implement DSA for signatures, and Elgamal for
>        encryption. Implementations SHOULD implement RSA keys.
>        Implementations MAY implement any other algorithm.
> 
>     - Symmetric Key Algorithms
>        ID           Algorithm
>        --           ---------
>        0          - Plaintext or unencrypted data
>        1          - IDEA [IDEA]
>        2          - Triple-DES (DES-EDE, as per spec -
>                     168 bit key derived from 192)
>        3          - CAST5 (128 bit key, as per RFC 2144)
>        4          - Blowfish (128 bit key, 16 rounds) [BLOWFISH]
>        5          - SAFER-SK128 (13 rounds) [SAFER]
>        6          - Reserved for DES/SK
>        7          - Reserved for AES with 128-bit key
>        8          - Reserved for AES with 192-bit key
>        9          - Reserved for AES with 256-bit key
>        100 to 110 - Private/Experimental algorithm.
> 
>        Implementations MUST implement Triple-DES. Implementations SHOULD
>        implement IDEA and CAST5.Implementations MAY implement any other
>        algorithm.
> 
>     - Compression Algorithms
>        ID           Algorithm
>        --           ---------
>        0          - Uncompressed
>        1          - ZIP (RFC 1951)
>        2          - ZLIB (RFC 1950)
>        100 to 110 - Private/Experimental algorithm.
> 
>        Implementations MUST implement uncompressed data. Implementations
>        SHOULD implement ZIP. Implementations MAY implement ZLIB.
> 
>     - Hash Algorithms
>        ID           Algorithm                              Text Name
>        --           ---------                              ---- ----
>        1          - MD5                                    "MD5"
>        2          - SHA-1                                  "SHA1"
>        3          - RIPE-MD/160                            "RIPEMD160"
>        4          - Reserved for double-width SHA (experimental)
>        5          - MD2                                    "MD2"
>        6          - Reserved for TIGER/192                 "TIGER192"
>        7          - Reserved for HAVAL (5 pass, 160-bit)   "HAVAL-5-160"
>        100 to 110 - Private/Experimental algorithm.
> 
>        Implementations MUST implement SHA-1. Implementations SHOULD
>        implement MD5.
> 
> 
> 3. How to test interoperability of the security technologies?
>     As showed above, the security technologies utilize many algorithms.
>     I think interoperability test of the security technologies require
>     long time. So I'd like to propose that we test interoperability of
>     the security technologies previously on the internet among POC
>     members.
> 
> 
> Regards, 
> 
> --
> SHIMAMURA Masayoshi <shima.masa@jp.fujitsu.com>
> TEL:+81-45-476-4590(ext.7128-4241)  FAX:+81-45-476-4726(ext.7128-6783)
> Planning Dep., Strategic Planning Div., Software Group, FUJITSU LIMITED



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Search: Match: Sort by:
Words: | Help


Powered by eList eXpress LLC