Re: Integrity Checking Requirement was -> RE: HW Support and XML Enc ryption Requirements

Resent-Date: Fri, 23 Feb 2001 22:11:56 -0500 (EST)
>From: Paul Lambert <Paul.Lambert@cosinecom.com>
> # On Integrity Checking
>
>I propose that "integrity" requirements be added:
>
>x. The specification must provide mechanisms to check the integrity of
>decrypted data.  Mandatory to implement algorithms should include integrity
>check mechanisms.
>
>
>Integrity is a critical service.  There are a variety of attacks possible if
>the veracity of decrypted information is not validated.  This validity check
>should be mandatory.
>
>Digital signatures provide integrity and could be used within an
>EncryptedData element. This is overkill.  All that is needed is a more
>simple mechanism (checksum, MAC or know value) to reliably indicate that the
>decryption process was successful.
>

I strongly support the suggestion of requiring support for data integrity
checking in XML-Encryption. In fact I was about to propose exactly this
myself. We should at least mandate something like HMAC-SHA1. This is easy
to implement, and removes the necessity to implement XML-signature just
to get integrity checking (which is overkill as Paul says).
The encryption step has to reduce XML to bytes for the cipher, and it
is easy to add a MAC at this point (and check on decode).

It would probably be a good idea to go as far as saying that MAC is
included by default in the encryption transform.  People often
assume that encryption alone is enough, and that when encrypting you
don't need integrity checks - which can lead to nasty flaws. It's safer
to always include a MAC when encrypting.


Mike Wray (mike_wray@hp.com)

Received on Monday, 26 February 2001 09:51:47 UTC