XML Encryption 1.1 is a candidate recommendation

The XML Security Working Group has published the Candidate Recommendation for XML Encryption Syntax and Processing 1.1. The most important update in this version addresses the lately published chosen-ciphertext attacks against the CBC class of algorithms. Besides that, AES 128-GCM is now a required algorithm. AES-GCM is an authenticated encryption algorithm and provides both authentication […]

XML Security Working Group announced last calls for XML Encryption working drafts

The XML Security working group published the last calls for two XML Encryption working drafts: XML Encryption 1.1 contains, besides some other updates, AES-128-GCM, a new mandatory algorithm to implement which addresses the lately published security problems (catastrophe?!) with XML Encryption. This part alone justifies a closer look at the candidate recommendation. The other last […]

Unsafe XML Encryption?!

This analysis (in German, English version is available here) by the well-known Ruhr University Bochum puts XML Encryption into some real trouble. Since there is no solution or workaround, the only possibility is to accept the drawbacks and to use SSL to secure any Web Service communication. Back to good old transportation based security.