Updated XML Encryption 1.1 Editors Draft from Frederick.Hirsch@nokia.com on 2011-11-10 (public-xmlsec@w3.org from November 2011)

From: <Frederick.Hirsch@nokia.com>
Date: Thu, 10 Nov 2011 21:59:49 +0000
To: <public-xmlsec@w3.org>
CC: <Frederick.Hirsch@nokia.com>
Message-ID: <03B606E1-A488-42DE-B398-CBD95AACC76C@nokia.com>

I have updated the XML Encryption 1.1 editors draft [1] to make AES-128-GCM required and to warn about CBC, as agreed on our last teleconference [2]. The changes are as follows:

1. Changed AES128-GCM from Optional to REQUIRED, left AES-192-GCM as Optional

Updated table in section 5.1.1 (items 3 and 4), also status in 5.2.4


  1.  required AES128-GCM
http://www.w3.org/2009/xmlenc11#aes128-gcm
  2.  optional AES-192
http://www.w3.org/2001/04/xmlenc#aes192-cbc

2. Added warning in block encryption algorithm table section 5.1.1:

[[
Note: Use of AES GCM is strongly recommended over any CBC block encryption algorithms as recent advances in cryptanalysis [XMLENC-CBC-ATTACK<http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.html#bib-XMLENC-CBC-ATTACK>] have cast doubt on the ability of CBC block encryption algorithms to protect plain text when used with XML Encryption. Other mitigations should be considered when using CBC block encryption, such as conveying the encrypted data over a secure channel such as TLS. The CBC block encryption algorithms that are listed as required remain so for backward compatibility.
]]

3. Added corresponding reference to attack paper

[[

[XMLENC-CBC-ATTACK]
Tibor Jager; Juraj Somorovsky. How to Break XML Encryption<http://www.nds.rub.de/media/nds/veroeffentlichungen/2011/10/22/HowToBreakXMLenc.pdf> 17-21 October 2011. CCS' 11, ACM. URL:http://www.nds.rub.de/media/nds/veroeffentlichungen/2011/10/22/HowToBreakXMLenc.pdf
]]

4. Added reference to warning in 5.2 (Block Encryption Algorithms) introduction and at the end of sections for Triple DES (5.2.2), AES (5.2.3)

Note: CBC block encryption algorithms should not be used without consideration of possibly severe security risks<http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.html#cbc-warning>.

5. Added new security consideration that references warning (more visible in algorithms section)

[[

6.8 CBC Block Encryption Vulnerabilty

Note: CBC block encryption algorithms should not be used without consideration of possibly severe security risks<http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.html#cbc-warning>.

]]

Please review and note any comment on the public list.

Thanks


regards, Frederick

Frederick Hirsch
Nokia

[1] http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.html

[2] http://lists.w3.org/Archives/Public/public-xmlsec/2011Nov/att-0005/minutes-2011-11-08.html#item03

For tracker, this should complete ACTION-855

Received on Thursday, 10 November 2011 22:01:02 UTC