- From: <Frederick.Hirsch@nokia.com>
- Date: Thu, 10 Nov 2011 21:59:49 +0000
- To: <public-xmlsec@w3.org>
- CC: <Frederick.Hirsch@nokia.com>
- Message-ID: <03B606E1-A488-42DE-B398-CBD95AACC76C@nokia.com>
I have updated the XML Encryption 1.1 editors draft [1] to make AES-128-GCM required and to warn about CBC, as agreed on our last teleconference [2].

The changes are as follows:

1. Changed AES128-GCM from Optional to REQUIRED, left AES-192-GCM as Optional

   Updated table in section 5.1.1 (items 3 and 4), also status in 5.2.4

   1. required AES128-GCM
      http://www.w3.org/2009/xmlenc11#aes128-gcm
   2. optional AES-192
      http://www.w3.org/2001/04/xmlenc#aes192-cbc

2. Added warning in block encryption algorithm table section 5.1.1:

   [[
   Note: Use of AES GCM is strongly recommended over any CBC block encryption algorithms as recent advances in cryptanalysis [XMLENC-CBC-ATTACK<http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.html#bib-XMLENC-CBC-ATTACK>] have cast doubt on the ability of CBC block encryption algorithms to protect plain text when used with XML Encryption. Other mitigations should be considered when using CBC block encryption, such as conveying the encrypted data over a secure channel such as TLS. The CBC block encryption algorithms that are listed as required remain so for backward compatibility.
   ]]

3. Added corresponding reference to attack paper

   [[
   [XMLENC-CBC-ATTACK] Tibor Jager; Juraj Somorovsky. How to Break XML Encryption<http://www.nds.rub.de/media/nds/veroeffentlichungen/2011/10/22/HowToBreakXMLenc.pdf> 17-21 October 2011. CCS' 11, ACM. URL:http://www.nds.rub.de/media/nds/veroeffentlichungen/2011/10/22/HowToBreakXMLenc.pdf
   ]]

4. Added reference to warning in 5.2 (Block Encryption Algorithms) introduction and at the end of sections for Triple DES (5.2.2), AES (5.2.3)

   Note: CBC block encryption algorithms should not be used without consideration of possibly severe security risks<http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.html#cbc-warning>.

5. Added new security consideration that references warning (more visible in algorithms section)

   [[
   6.8 CBC Block Encryption Vulnerability

   Note: CBC block encryption algorithms should not be used without consideration of possibly severe security risks<http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.html#cbc-warning>.
   ]]

Please review and note any comment on the public list.

Thanks

regards, Frederick

Frederick Hirsch
Nokia

[1] http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.html

[2] http://lists.w3.org/Archives/Public/public-xmlsec/2011Nov/att-0005/minutes-2011-11-08.html#item03

For tracker, this should complete ACTION-855
Received on Thursday, 10 November 2011 22:01:02 UTC
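
Added example, not part of the original message or of the XML Encryption draft: a small audit that reports which block encryption algorithm each EncryptedData element declares, so CBC uses covered by the warning above can be found and reviewed. The function name, verdict labels and the sample document are constructed for illustration; the algorithm URIs are the XML Encryption 1.0/1.1 identifiers.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
XENC11 = "http://www.w3.org/2009/xmlenc11#"

# Block encryption algorithm identifiers defined by XML Encryption 1.0 / 1.1.
CBC_ALGS = {XENC + n for n in ("tripledes-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc")}
GCM_ALGS = {XENC11 + n for n in ("aes128-gcm", "aes192-gcm", "aes256-gcm")}

def audit_encrypted_data(xml_text):
    """Return (Id, algorithm URI, verdict) for every EncryptedData element."""
    findings = []
    for ed in ET.fromstring(xml_text).iter("{%s}EncryptedData" % XENC):
        # Only the direct child names the block cipher; the EncryptionMethod
        # nested under KeyInfo/EncryptedKey is the key transport algorithm.
        method = ed.find("{%s}EncryptionMethod" % XENC)
        alg = method.get("Algorithm") if method is not None else None
        if alg in GCM_ALGS:
            verdict = "ok-gcm"
        elif alg in CBC_ALGS:
            verdict = "warn-cbc"      # covered by the draft's CBC warning
        elif alg is None:
            verdict = "unspecified"   # EncryptionMethod is optional in the schema
        else:
            verdict = "other"
        findings.append((ed.get("Id"), alg, verdict))
    return findings

# Constructed sample: one CBC payload (with an RSA-OAEP wrapped key) and one GCM payload.
SAMPLE = """<Doc xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
     xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <xenc:EncryptedData Id="ed-cbc">
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
    <ds:KeyInfo><xenc:EncryptedKey>
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
      <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedKey></ds:KeyInfo>
    <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
  <xenc:EncryptedData Id="ed-gcm">
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/>
    <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
</Doc>"""

if __name__ == "__main__":
    for finding in audit_encrypted_data(SAMPLE):
        print(finding)
```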