Mike Wray
mike_wray@hp.com Internet Security and Solutions Division
Hewlett-Packard
Authorization: SPKI certificates
attribute and name certificates
principals are public keys or key hashes
Message security: SLS
Session Layer Security protocol
provides end-to-end security
transport independent
supports secure relays
allows address rewriting
algorithms:
elliptic curve DH
Blowfish, 3DES, RC4,
HMAC-SHA1
Handshake sets up:
session id (SPI)
shared secret
ciphersuite
encryption and MAC keys for each direction
Handshake may also include requirements (attributes) to be proved by each party
proof is a set of certificates
handshake fails if not proved
support encryption info identified by SPI
keys vary for encryption, MAC and direction
SPI and sequence number included
support MAC
support literal RSA keys directly, no name
support key hashes
key naming to support parameters
document integrity
prevent substitution of encrypted items
prevent tampering with encryption info
encrypted item integrity
prevent tampering with ciphertext
suggest encryption should use MAC by default
encrypted XML potentially vulnerable to low entropy attacks?
support randomized encryption modes
should require AES be supported
sender or recipient name may be an exposure
support literal keys (and hashes)
application-defined ids
ensure no reliance on unauthenticated data
consistency with XML-Signature KeyInfo
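Added example (not from the original slides and not SLS's own code): a Python sketch of the integrity points above, with a separate key per purpose and direction and an HMAC-SHA1 tag covering the SPI, the sequence number and the ciphertext. The labelled-HMAC key derivation, the 12-byte header layout and the replay check are assumptions, and the ciphertext is treated as an opaque byte string.

```python
import hashlib
import hmac
import struct

HDR = struct.Struct(">IQ")  # SPI (32-bit) + sequence number (64-bit); assumed layout
TAG_LEN = hashlib.sha1().digest_size  # 20 bytes for HMAC-SHA1


def derive_keys(shared_secret: bytes, spi: int) -> dict:
    """One key per (purpose, direction). Labelled-HMAC derivation is an assumption."""
    keys = {}
    for direction in ("initiator->responder", "responder->initiator"):
        for purpose in ("enc", "mac"):
            label = f"{purpose}|{direction}|{spi}".encode()
            keys[purpose, direction] = hmac.new(shared_secret, label, hashlib.sha1).digest()
    return keys


def seal(mac_key: bytes, spi: int, seq: int, ciphertext: bytes) -> bytes:
    """MAC covers the encryption info (SPI, sequence number) and the ciphertext."""
    body = HDR.pack(spi, seq) + ciphertext
    return body + hmac.new(mac_key, body, hashlib.sha1).digest()


class Receiver:
    """Verifies records for one direction of one session."""

    def __init__(self, mac_key: bytes, spi: int):
        self.mac_key, self.spi, self.last_seq = mac_key, spi, -1

    def open(self, record: bytes) -> bytes:
        if len(record) < HDR.size + TAG_LEN:
            raise ValueError("short record")
        body, tag = record[:-TAG_LEN], record[-TAG_LEN:]
        expected = hmac.new(self.mac_key, body, hashlib.sha1).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad MAC")
        # Header fields are trusted only after the MAC has verified.
        spi, seq = HDR.unpack_from(body)
        if spi != self.spi:
            raise ValueError("wrong SPI")
        if seq <= self.last_seq:
            raise ValueError("replayed record")
        self.last_seq = seq
        return body[HDR.size:]  # ciphertext, ready for decryption
```

A record sealed with the key for the opposite direction, or with any byte of the header or ciphertext changed, fails the MAC check before any header field is read.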