[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [ws-sx] RE: Issue ER017: Conflict Nonce reuse description in the current WS-SC 1.3
I agree with Mark. Hal > -----Original Message----- > From: Marc Goodner [mailto:mgoodner@microsoft.com] > Sent: Monday, December 10, 2007 11:28 AM > To: Jan Alexander; Marc Goodner; Hyen V Chung; ws-sx@lists.oasis-open.org > Subject: [ws-sx] RE: Issue ER017: Conflict Nonce reuse description in the > current WS-SC 1.3 > > On the last call it was discussed if this was just an editorial mistake, > e.g. the text at 889 is supposed to say SHOULD NOT instead of SHOULD. > There was a question if this was actually intentional for cryptographic > reasons. Jan and I have looked into this some more and are convinced it is > an editorial mistake, there are not any cryptographic reasons that the > nonce should be reused. > > -----Original Message----- > From: Marc Goodner [mailto:mgoodner@microsoft.com] > Sent: Wednesday, November 28, 2007 6:53 AM > To: Hyen V Chung; ws-sx@lists.oasis-open.org > Subject: [ws-sx] Issue ER017: Conflict Nonce reuse description in the > current WS-SC 1.3 > > Issue ER017 > > -----Original Message----- > From: Hyen V Chung [mailto:hychung@us.ibm.com] > Sent: Monday, November 19, 2007 9:35 AM > To: ws-sx@lists.oasis-open.org > Cc: Marc Goodner > Subject: NEW Issue: Conflict Nonce reuse description in the current WS-SC > 1.3 > > > PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSISON THREAD UNTIL THE > ISSUE IS ASSIGNED A NUMBER. > The issues coordinators will notify the list when that has occurred. > > Protocol: ws-sc > > WS-SecureConversation 1.3 OASIS Standard 1 March 2007 ( > http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/ws- > secureconversation-1.3-os.pdf > ) > > Artifact: spec > > Type: design > > Title: Conflict Nonce reuse description found in the 1.3 specification > > Description: > > Line 796 - 799: It stated that nonce is not recommended to be reused. > The policy presents a method for specifying this information. 796 The > RECOMMENDED approach is to use separate nonces and have independently > generated keys for 797 signing and encrypting in each direction. > Furthermore, it is RECOMMENDED that new keys be derived 798 for each > message (i.e., previous nonces are not re-used). > > Where as in Line 886 - 890: It stated that the same nonce should be used > for subsequent derivation. > 886 If specified, this optional element specifies a base64 encoded nonce > that is used in the key 887 derivation function for this derived key. If > this isn't specified, it is assumed that the recipient 888 knows the nonce > to use. Note that once a nonce is used for a derivation sequence, the same > 889 nonce SHOULD be used for all subsequent derivations. > > > Related issues: > > > Proposed Resolution: > > > > > Thanks, > Henry > > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. You may a link to this group and all your TCs in > OASIS > at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php > > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. You may a link to this group and all your TCs in > OASIS > at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]