Call for Consensus: Proposed algorithm change to XML Encryption 1.1 - Deadline 28 August

A] Issue: Security risks may be associated with RSA v1.5

B] Approach: Change RSA v1.5 to OPTIONAL with note warning implementations of security concerns.  Implementations allowed to implement (or not) depending on deployment tradeoffs needed for interoperability and security.

C] Specific Proposal:

All changes are proposed with respect to current XML Encryption 1.1 editors draft at http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.src.html

(1) Section 5.1.1 "Table of Algorithms", Key Transport section

Change  "1. Required RSA-v1.5" to "1. Optional RSA-v1.5 (see RSA-v1.5 security note)"

"see RSA-v1.5 security note" is link to warning added to end of section 5.5.1 (see #3)

(2) Sections 5.2-5.9

Removed "Required"/"Optional" after all identifier algorithms in sections 5.2-2.9. Thus these designations only appear in section 5.1, Algorithm Identifiers and Implementation requirements. This reduces duplication and mirrors what we have done in XML Signature 1.1. This also has the effect of removing the "required" notation on RSA v1.5 in section 5.5.1

(3) 5.5.1 RSA Version 1.5

Add to end of section the following warning:

Note:  Implementation of RSA v1.5 is *not* recommended due to security risks associated with the algorithm.

D] Call for Consensus

This message is a Call for Consensus (CfC) to make the changes proposed and is sent as many group members are not on all teleconferences, yet we wish to include the entire group in the decision.
Please respond to this message on the public list with a +1 for support or a message if there are any concerns with the change. Silence will be taken as agreement.  Please respond by 27 August.

Thanks

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG

For tracker, this completes ACTION-898

Received on Wednesday, 15 August 2012 19:09:40 UTC