Re: XML Signature 1.1 items at risk (removal)

From: <Frederick.Hirsch@nokia.com>
Date: Mon, 13 Aug 2012 13:59:33 +0000
To: <pratik.datta@oracle.com>
CC: <Frederick.Hirsch@nokia.com>, <cantor.2@osu.edu>, <public-xmlsec@w3.org>
Message-ID: <D8CEF1B0-A497-4700-811A-00A5A3C2C351@nokia.com>

Thanks Pratik!

I added SHA-224 to the editors draft:

http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.src.html#sec-AlgID

http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.src.html#sec-SHA-224

I also updated the developer-explain and explain accordingly:

regards, Frederick

Frederick Hirsch
Nokia



On Aug 12, 2012, at 3:37 AM, ext Pratik Datta wrote:

> I have uploaded test vectors for SHA224 and HMACOutputLength
> 
> For SHA224
> ==========
> https://www.w3.org/2008/xmlsec/Group/interop/xmldsig11/oracle/signature-enveloping-hmac-sha224.xml
> https://www.w3.org/2008/xmlsec/Group/interop/xmldsig11/oracle/signature-enveloping-p256_sha224.xml
> https://www.w3.org/2008/xmlsec/Group/interop/xmldsig11/oracle/signature-enveloping-p384_sha224.xml
> https://www.w3.org/2008/xmlsec/Group/interop/xmldsig11/oracle/signature-enveloping-p521_sha224.xml
> https://www.w3.org/2008/xmlsec/Group/interop/xmldsig11/oracle/signature-enveloping-rsa-sha224.xml
> https://www.w3.org/2008/xmlsec/Group/interop/xmldsig11/oracle/signature-enveloping-sha224-rsa_sha256.xml
> 
> I noticed that the latest Dsig 1.1 spec does not have the SHA224 digest algorithm, i.e. it doesn't have this one:
>  <dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224" />
> 
> Are we going to add this algorithm? Three of the above test cases use the SHA224 digest algorithm.
> 
> 
> For HMACOutputLength
> ====================
> https://www.w3.org/2008/xmlsec/Group/interop/xmldsig11/oracle/signature-enveloping-hmac-sha1-truncated40.xml
> https://www.w3.org/2008/xmlsec/Group/interop/xmldsig11/oracle/signature-enveloping-hmac-sha1-truncated160.xml
> 
> The first one is truncated to 40 bytes, so it should be rejected.  The second one is not truncated at all, so it should be accepted.
> 
> Pratik
> 
> -----Original Message-----
> From: Cantor, Scott [mailto:cantor.2@osu.edu] 
> Sent: Monday, August 06, 2012 6:43 PM
> To: Frederick.Hirsch@nokia.com; public-xmlsec@w3.org
> Subject: Re: XML Signature 1.1 items at risk (removal)
> 
> On 8/6/12 9:33 PM, "Frederick.Hirsch@nokia.com"
> <Frederick.Hirsch@nokia.com> wrote:
>> 
>> (1) SHA-224 related algorithms: ECDSA-SHA224, HMAC-SHA224, 
>> RSAwithSHA224
> 
> By end of month I can produce a vector for these, or at least the public key ones, or verify somebody else's if they have one.
> 
>> (2) KeyInfo X509Data items: OCSPResponse, X509Digest (1 implementation 
>> Apache Santuario)
>> 
>> (3) KeyInfo items: DEREncodedKeyValue (1 implementation Apache 
>> Santuario), KeyInfoReference (1 implementation Apache Santuario)
> 
> The KeyInfoReference implementation is OpenSAML from the Shibboleth project, rather than Santuario. It doesn't fit into the Santuario code base as a useful feature.
> 
> You can add OpenSAML to the DEREncodedKeyValue set also.
> 
> As we discussed last call, I'm the author in both projects.
> 
> Note that if you pull X509Digest, we're back to having a broken X509IssuerSerial as the alternative because people objected to fixing the schema.
> 
>> (4) HMACOutputLength
> 
> If there's an existing vector for this that used to be allowed but should now fail, can somebody identify it?
> 
> -- Scott
> 
> 
Received on Monday, 13 August 2012 14:00:19 GMT
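
The accept/reject behaviour expected of the two HMACOutputLength vectors in the thread above, as an added example that is not part of the original messages or of any implementation named in them: XML Signature 1.1 requires a verifier to treat a signature as invalid when HMACOutputLength is below the larger of 80 bits and half the hash output length. The names `check_hmac_output_length` and `sample`, and the sample documents, are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
MORE = "http://www.w3.org/2001/04/xmldsig-more#"
# Output size in bits of the hash behind each HMAC SignatureMethod URI.
HMAC_BITS = {DSIG + "hmac-sha1": 160, MORE + "hmac-sha224": 224,
             MORE + "hmac-sha256": 256}

def check_hmac_output_length(signature_xml):
    """Return (accepted, reason). Run this before comparing any MAC bytes."""
    # Constructed input only; use a hardened parser for untrusted XML.
    root = ET.fromstring(signature_xml)
    method = root.find(f".//{{{DSIG}}}SignatureMethod")
    if method is None:
        return False, "no SignatureMethod"
    bits = HMAC_BITS.get(method.get("Algorithm"))
    if bits is None:
        return False, "not a known HMAC algorithm"
    elems = method.findall(f"{{{DSIG}}}HMACOutputLength")
    if not elems:
        return True, "untruncated (no HMACOutputLength)"
    if len(elems) > 1:
        return False, "multiple HMACOutputLength elements"
    text = (elems[0].text or "").strip()
    if not (text.isascii() and text.isdigit()):
        return False, "HMACOutputLength is not a non-negative integer"
    length = int(text)  # HMACOutputLength is expressed in bits
    floor = max(80, bits // 2)
    if length < floor:
        return False, f"{length} bits is below the {floor}-bit minimum"
    if length > bits:
        return False, f"{length} bits exceeds the {bits}-bit hash output"
    return True, f"{length} bits accepted"

def sample(length):
    """Constructed HMAC-SHA1 skeleton, not one of the uploaded vectors."""
    return (f'<Signature xmlns="{DSIG}"><SignedInfo>'
            f'<SignatureMethod Algorithm="{DSIG}hmac-sha1">'
            f'<HMACOutputLength>{length}</HMACOutputLength>'
            f'</SignatureMethod></SignedInfo></Signature>')

if __name__ == "__main__":
    for n in (40, 160):
        print(n, check_hmac_output_length(sample(n)))
```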