The Shibboleth IdP V3 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP4 wiki space for current documentation on the supported version.

Security Settings Discussion Document

This document should not be considered as design. It is purely an input into the design meeting in Feb 2013. It may then become an input into an eventual design document.

Current State of XML Signature / Encryption

SHA-1 is being deprecated in favor of SHA-2 (256 primarily).

RSA keys larger than 4096 bits are viewed as offering diminishing returns.

ECDSA is supported by Java 6+ and xmlsec 1.5+, but is compiled out of every Red Hat OpenSSL release.

RSA PKCS#1 v1.5 key transport is vulnerable to key recovery.

AES-CBC encryption is vulnerable to plaintext recovery via chosen ciphertext unless signing is done.

AES-GCM is unsupported by Java without Bouncy Castle (untested with it) and unsupported by OpenSSL < 1.0.1.

Open

What changes to defaults do we want or need to make?

  • See Message Level Security, an old document discussing issues connected to changing defaults related to signing.

What mechanism do we have or want to have for blacklisting or whitelisting algorithms?

  • Are there algorithms we need to block? Should we enforce minimum key sizes?
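One shape the blacklisting and minimum-key-size check asked about above could take, as an added illustration in Python rather than IdP or OpenSAML code. The policy contents, the 2048-bit floor, the function names and the trimmed sample message are all assumptions made for the example, not decisions recorded in this document.

```python
import base64
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ENC = "http://www.w3.org/2001/04/xmlenc#"

# Sample policy (assumption, not a project default): algorithm URIs for the
# weaknesses listed under "Current State" above.
BLOCKED = {
    DS + "sha1": "SHA-1 digest",
    DS + "rsa-sha1": "RSA signature over SHA-1",
    ENC + "rsa-1_5": "RSA PKCS#1 v1.5 key transport",
    ENC + "aes128-cbc": "AES-CBC content encryption",
}
MIN_RSA_BITS = 2048  # assumed floor

def check_message(xml_text, blocked=BLOCKED, min_rsa_bits=MIN_RSA_BITS):
    """Return the policy violations found in one XML message."""
    findings = []
    # Untrusted input should go through a hardened parser (e.g. defusedxml).
    root = ET.fromstring(xml_text)
    for el in root.iter():
        uri = el.get("Algorithm")  # SignatureMethod, DigestMethod, EncryptionMethod
        if uri in blocked:
            findings.append(f"blocked algorithm: {blocked[uri]} ({uri})")
    for mod in root.iter(f"{{{DS}}}Modulus"):
        raw = base64.b64decode("".join(mod.text.split()))
        bits = int.from_bytes(raw, "big").bit_length()
        if bits < min_rsa_bits:
            findings.append(f"RSA key too small: {bits} bits")
    return findings

def sample_message():
    """Constructed, trimmed ds:Signature: RSA-SHA1 over a 1024-bit key."""
    modulus = base64.b64encode(b"\xff" * 128).decode()
    return f"""<ds:Signature xmlns:ds="{DS}">
  <ds:SignedInfo>
    <ds:SignatureMethod Algorithm="{DS}rsa-sha1"/>
    <ds:Reference URI="#a1">
      <ds:DigestMethod Algorithm="{ENC}sha256"/>
    </ds:Reference>
  </ds:SignedInfo>
  <ds:KeyInfo><ds:KeyValue><ds:RSAKeyValue>
    <ds:Modulus>{modulus}</ds:Modulus><ds:Exponent>AQAB</ds:Exponent>
  </ds:RSAKeyValue></ds:KeyValue></ds:KeyInfo>
</ds:Signature>"""

if __name__ == "__main__":
    print("\n".join(check_message(sample_message())))
```

Passing the blocklist and key-size floor as parameters keeps the open policy questions separate from the enforcement code.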