Strength of R5001 (Use of RSA1.5)

15 views
Skip to first unread message

Rimas Rekasius

unread,
May 12, 2005, 4:25:11 PM5/12/05
to basi...@googlegroups.com
The current version of the Basic B2B Profile has the following
requirement in it constraining the choice of encryption algorithm:

R5001 When used for Key Transport, any xenc:EncryptionMethod/@Algorithm
attribute in an ENCRYPTED_KEY MUST have a value of
"http://www.w3.org/2001/04/xmlenc#rsa-1_5".

Question: should this be softened to a SHOULD, or is MUST the right
thing to do for the sake of interoperability?

Thanks,

Rimas

Anthony Nadalin

unread,
May 13, 2005, 12:19:42 PM5/13/05
to basi...@googlegroups.com

There are 2 allowed values, if each site chooses the same algorithm (OEAP or RSA1.5) no problem (only way to do this today is out of band), so this should be softened to "SHOULD" and http://www.w3.org/2001/04/xmlenc#rsa-1_5 should be made the default value

Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
Inactive hide details for Rimas Rekasius/Chicago/IBM@IBMUSRimas Rekasius/Chicago/IBM@IBMUS


          Rimas Rekasius/Chicago/IBM@IBMUS

          05/12/2005 03:25 PM

          Please respond to
          basicB2B


To

basi...@googlegroups.com

cc


Subject

Strength of R5001 (Use of RSA1.5)

Christopher B Ferris

unread,
May 13, 2005, 1:01:09 PM5/13/05
to basi...@googlegroups.com
+1

Christopher Ferris
STSM, Emerging e-business Industry Architecture
email: chri...@us.ibm.com
blog: http://webpages.charter.net/chrisfer/blog.html
phone: +1 508 377 9295

Anthony Nadalin/Austin/IBM@IBMUS wrote on 05/13/2005 12:19:42 PM:

> There are 2 allowed values, if each site chooses the same algorithm
(OEAP or RSA1.5) no problem
> (only way to do this today is out of band), so this should be softened
to "SHOULD" and http://www.
> w3.org/2001/04/xmlenc#rsa-1_5 should be made the default value
>
> Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
> [image removed] Rimas Rekasius/Chicago/IBM@IBMUS
>

>
> Rimas Rekasius/Chicago/IBM@IBMUS
> 05/12/2005 03:25 PM
>
> Please respond to
> basicB2B
>
> [image removed]
> To
>
> [image removed]
> basi...@googlegroups.com
>
> [image removed]
> cc
>
> [image removed]
>
> [image removed]
> Subject
>
> [image removed]
> Strength of R5001 (Use of RSA1.5)
>
> [image removed]
>
> [image removed]

Rimas Rekasius

unread,
May 25, 2005, 6:19:54 PM5/25/05
to basi...@googlegroups.com

OK, so just to be painfully clear, the proposal is to change

R5001 When used for Key Transport, any xenc:EncryptionMethod/@Algorithm
attribute in an ENCRYPTED_KEY MUST have a value of
"
http://www.w3.org/2001/04/xmlenc#rsa-1_5".

to

R5001 When used for Key Transport, any xenc:EncryptionMethod/@Algorithm
attribute in an ENCRYPTED_KEY SHOULD have a value of
"
http://www.w3.org/2001/04/xmlenc#rsa-1_5".


Unless I hear any objections, I will proceed to make this change in a new version of the profile that I am working on.

Regards,

Rimas V. Rekasius
e-business Industry Standards Architect
1-312-245-6775 (voice/FAX)
1-773-934-2705 (cell phone)



Anthony Nadalin/Austin/IBM@IBMUS

05/13/2005 11:19 AM

Please respond to
basicB2B

To
basi...@googlegroups.com
cc
Subject
Re: Strength of R5001 (Use of RSA1.5)


Anthony Nadalin

unread,
May 30, 2005, 5:05:48 PM5/30/05
to basi...@googlegroups.com, basi...@googlegroups.com

Correct



Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
Inactive hide details for Rimas Rekasius/Chicago/IBM@IBMUSRimas Rekasius/Chicago/IBM@IBMUS



Subject


Re: Strength of R5001 (Use of RSA1.5)



OK, so just to be painfully clear, the proposal is to change

R5001 When used for Key Transport, any xenc:EncryptionMethod/@Algorithm
attribute in an ENCRYPTED_KEY MUST have a value of
"
http://www.w3.org/2001/04/xmlenc#rsa-1_5".

to

R5001 When used for Key Transport, any xenc:EncryptionMethod/@Algorithm
attribute in an ENCRYPTED_KEY SHOULD have a value of
"
http://www.w3.org/2001/04/xmlenc#rsa-1_5".


Unless I hear any objections, I will proceed to make this change in a new version of the profile that I am working on.

Regards,

Rimas V. Rekasius
e-business Industry Standards Architect
1-312-245-6775 (voice/FAX)
1-773-934-2705 (cell phone)


Anthony Nadalin/Austin/IBM@IBMUS

05/13/2005 11:19 AM

Please respond to
basicB2B

Subject
Re: Strength of R5001 (Use of RSA1.5)


Reply all
Reply to author
Forward
0 new messages