OASIS ebXML Messaging Services TC, EBXMLMSG-104

PMode[1].Security.X509.Encryption.MinimumStrength

    Details

    • Type: Bug
    • Status: New
    • Priority: Major
    • Resolution: Unresolved
    • Component/s: Core Spec
    • Labels:
      None
    • Proposal:

      State that the parameter should not be used in situations where the algorithm selected using PMode[1].Security.X509.Encryption.Algorithm defines the key size.

      Description

      This parameter is inherited from CPPA2, and its definition is taken from there. It has several problems:

      1) the paragraph assumes more effective bits are better, but this depends on key/algorithm type. A short EC key can be more effective than a long RSA key.

      2) Algorithms typically define the key size. In that case the bit size is determined by the PMode[1].Security.X509.Encryption.Algorithm. The bit size is not an independently selectable parameter in an algorithm. Algorithms differ not just on key size. E.g. the differences between AES 128, 192 and 256 are not just key size.

      3) A P-Mode is like an agreement. In an agreement parties specify what they agree to use, e.g. AES128, not what they agree to use minimally. If the agreement is AES128, the sender should not use AES256.
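
      Points 1 and 2 of the description, shown as an added example that is not part of the issue, the ebMS3 specification or any product: the XML Encryption algorithm URI already fixes the strength, so a separate MinimumStrength value can only be redundant or in conflict, and a 256-bit EC key rates higher than a 2048-bit RSA key. Function names and sample values are hypothetical; the strength figures are the comparable strengths from NIST SP 800-57 Part 1.

```python
# Added illustration; names are hypothetical, not from the ebMS3 spec or any product.
XMLENC = "http://www.w3.org/2001/04/xmlenc#"
XMLENC11 = "http://www.w3.org/2009/xmlenc11#"

# Effective strength in bits fixed by each XML Encryption algorithm URI.
ALGORITHM_STRENGTH = {
    XMLENC + "tripledes-cbc": 112,  # 168 key bits, rated 112 by NIST SP 800-57
    XMLENC + "aes128-cbc": 128,
    XMLENC + "aes192-cbc": 192,
    XMLENC + "aes256-cbc": 256,
    XMLENC11 + "aes128-gcm": 128,
    XMLENC11 + "aes192-gcm": 192,
    XMLENC11 + "aes256-gcm": 256,
}

# NIST SP 800-57 Part 1 comparable strengths: (minimum key bits, strength).
RSA_STEPS = [(15360, 256), (7680, 192), (3072, 128), (2048, 112), (1024, 80)]
EC_STEPS = [(512, 256), (384, 192), (256, 128), (224, 112), (160, 80)]


def comparable_strength(key_type, key_bits):
    """Map an asymmetric key size to its comparable symmetric strength."""
    steps = {"RSA": RSA_STEPS, "EC": EC_STEPS}[key_type]
    for min_bits, strength in steps:
        if key_bits >= min_bits:
            return strength
    return 0  # below the smallest size in the table


def lint_minimum_strength(algorithm, minimum_strength):
    """Classify MinimumStrength against the agreed Encryption.Algorithm."""
    fixed = ALGORITHM_STRENGTH.get(algorithm)
    if minimum_strength is None:
        return "ok: parameter not set"
    if fixed is None:
        return "unknown algorithm: cannot judge MinimumStrength"
    if minimum_strength > fixed:
        return f"conflict: algorithm fixes {fixed} bits, minimum is {minimum_strength}"
    return f"redundant: algorithm already fixes {fixed} bits"


if __name__ == "__main__":
    # Constructed sample P-Mode values.
    print(lint_minimum_strength(XMLENC + "aes128-cbc", 256))
    print(lint_minimum_strength(XMLENC11 + "aes256-gcm", 128))
    print(comparable_strength("EC", 256), comparable_strength("RSA", 2048))
```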

      People

      • Assignee: Unassigned
      • Reporter: pvde Pim van der Eijk