ACTION-829: Provide additional proposal text regarding xml encryption changes for pkcs1.5

The goal is to relegate PKCS 1.5 to legacy use, and promote OAEP/V2 as the
RSA transport algorithm for all key types supported in the spec.

I would suggest the following changes:

Remove the last paragraph in the section 5.5 intro that starts "The RSA
v1.5 Key Transport algorithm given below..." It's misleading by implying
you have to use 1.5 with 3DES, and the reference for V2 to AESWRAP isn't
correct anyway. I think that text adds nothing.

Strike this text in 5.5.1:

"Implementations must support this key transport algorithm for
transporting 192-bit TRIPLEDES keys. Support of this algorithm for
transporting other keys is optional. RSA-OAEP is recommended for the
transport of AES keys."


Add text below the CipherData example:

"For backward compatibility, implementations MUST support this key
transport algorithm for transporting 192-bit 3DES keys. It SHOULD NOT be
used in new applications."

Replace the last paragraph in section 5.5.2 with:

"The transported key size is 192 bits for TRIPLEDES and 128, 192, or 256
bits for AES. Implementations MUST implement RSA-OAEP for the transport of
all key types and sizes that are mandatory to implement for symmetric
encryption. They MAY implement RSA-OAEP for the transport of other keys."

Question: What, if anything, should be said about the DigestMethod(s) to
require in conjunction with OAEP? Today, one typically finds that only
SHA-1 works and is used. That seems like a problem if we reach a future
state in which SHA-1 is totally broken and people want to turn it off
entirely rather than pick and choose places where its use isn't suspect. I
think even if we don't need SHA-256 here we ought to mandate it for
future-proofing.

-- Scott

Received on Tuesday, 16 August 2011 14:52:28 UTC
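
The distinction proposed in the message above (RSA v1.5 as legacy key transport, RSA-OAEP for everything else, and the open question of which DigestMethod accompanies OAEP) can be checked mechanically over a document's EncryptedKey elements. The following is an added example, not part of the original message or of the specification; the function name `audit_key_transport`, the finding labels and the sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"
RSA_1_5 = XENC + "rsa-1_5"          # RSA v1.5 key transport
RSA_OAEP = XENC + "rsa-oaep-mgf1p"  # RSA-OAEP key transport
SHA1 = DS + "sha1"

# Constructed sample: four EncryptedKey elements reduced to their
# EncryptionMethod (CipherData and KeyInfo omitted for brevity).
SAMPLE = f"""<doc xmlns:xenc="{XENC}" xmlns:ds="{DS}">
 <xenc:EncryptedKey Id="k1"><xenc:EncryptionMethod Algorithm="{RSA_1_5}"/>
 </xenc:EncryptedKey>
 <xenc:EncryptedKey Id="k2"><xenc:EncryptionMethod Algorithm="{RSA_OAEP}">
  <ds:DigestMethod Algorithm="{SHA1}"/></xenc:EncryptionMethod>
 </xenc:EncryptedKey>
 <xenc:EncryptedKey Id="k3"><xenc:EncryptionMethod Algorithm="{RSA_OAEP}">
  <ds:DigestMethod Algorithm="{XENC}sha256"/></xenc:EncryptionMethod>
 </xenc:EncryptedKey>
 <xenc:EncryptedKey Id="k4"><xenc:EncryptionMethod Algorithm="{RSA_OAEP}"/>
 </xenc:EncryptedKey>
</doc>"""


def audit_key_transport(xml_text):
    """Return (key Id, finding) for every xenc:EncryptedKey, in document order."""
    # ElementTree is used on a trusted, constructed sample; use a hardened
    # parser (for example defusedxml) for untrusted input.
    findings = []
    for key in ET.fromstring(xml_text).iter(f"{{{XENC}}}EncryptedKey"):
        kid = key.get("Id", "(no Id)")
        method = key.find(f"{{{XENC}}}EncryptionMethod")
        alg = method.get("Algorithm") if method is not None else None
        if alg == RSA_1_5:
            findings.append((kid, "legacy: RSA v1.5 key transport"))
        elif alg == RSA_OAEP:
            digest = method.find(f"{{{DS}}}DigestMethod")
            dalg = digest.get("Algorithm") if digest is not None else None
            if dalg is None:
                findings.append((kid, "oaep: no DigestMethod stated"))
            elif dalg == SHA1:
                findings.append((kid, "oaep: SHA-1 digest"))
            else:
                findings.append((kid, "oaep: digest " + dalg))
        else:
            findings.append((kid, f"other: {alg}"))
    return findings
```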