- From: Bruce Rich <brich@us.ibm.com>
- Date: Tue, 13 Dec 2011 11:06:45 -0600
- To: public-xmlsec@w3.org
- Message-ID: <OF11716F83.74059A91-ON86257965.005DCB72-86257965.005E0192@us.ibm.com>
Forwarding to list... Bruce A Rich brich at-sign us dot ibm dot com ----- Forwarded by Bruce Rich/Austin/IBM on 12/13/2011 11:04 AM ----- From: Moberg Dale <dmoberg@axway.com> To: Bruce Rich/Austin/IBM@IBMUS, "Kathryn.r.Breininger@boeing.com" <Kathryn.r.Breininger@boeing.com> Cc: "Frederick.Hirsch@nokia.com" <Frederick.Hirsch@nokia.com> Date: 12/09/2011 01:13 PM Subject: RE: Potential XML encryption change Sorry for the delay but I had not run into Galois Count mode, so I had to do some reading. After the developers and I went through the issues we currently have, we don’t see any worse problem than we already have. (J) Anecdotally speaking, no B2B files with large amounts of XML in them have turned up yet, partly because RosettaNet doesn’t yet have many using MMS ebMS or WSI and in automotive, using OAGIS BODs, we see dealer to OEM traffic, and the average size is moderate. And for those using straight WWS in SOAP, the messages so far are small. EDI and other b2b data can reach gigabyte range, but it is mainly PKCS7 over EDIINT-AS2. AS4 may change that, but that is probably still 2 years out. From: Bruce Rich [mailto:brich@us.ibm.com] Sent: Tuesday, November 29, 2011 11:37 AM To: Moberg Dale; Kathryn.r.Breininger@boeing.com Cc: Frederick.Hirsch@nokia.com Subject: Potential XML encryption change The W3C XML Security working group would like some feedback from the ebXML technical committee on some changes that are being discussed for XML encryption. Because of an increasing number of increasingly troublesome attacks on XML encryption, the working group is likely to propose that the current recommendation of encrypting with AES/CBC be changed to AES/GCM. Simply put, this change would sidestep the CBC-based attacks by automatically adding the equivalent of signing to the encryption process, which has the effect of adding signature verification to the decryption step. Although there are many technical reasons to adopt this change, GCM is not ideally-suited to large documents, as none of the cleartext should be returned from the decrypt step until the signature (tag) verification can be completed, which may require the entire document to be in memory. Initial thinking is that documents larger than 20 MB may be challenging for some environments to accommodate, so it is possible that although the Web Services community might not be impacted, your community might. Would you mind sharing with us your reading on the impact to ebXML? Are there particular size ranges that you expect to have to handle as a matter of course? Thanks, Bruce A Rich brich at-sign us dot ibm dot com
Received on Tuesday, 13 December 2011 17:09:20 UTC