
edugain-discuss - [eduGAIN-discuss] Cryptographic strength of UK federation eduGAIN upstream

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

  • From: Alex Stuart <Alex.Stuart AT jisc.ac.uk>
  • To: "edugain-discuss AT lists.geant.org" <edugain-discuss AT lists.geant.org>
  • Subject: [eduGAIN-discuss] Cryptographic strength of UK federation eduGAIN upstream
  • Date: Fri, 3 Jun 2022 14:47:54 +0000

Dear Colleagues,

We in the UK federation team are reviewing the cryptographic strength of our
metadata publication service. Integrity & authenticity of our aggregates
(including our eduGAIN upstream feed) is provided by a 2K RSA key, SHA-256
signature and digest algorithms. We are using a 4K RSA key in our MDQ
service, and considered the questions: should we be migrating to the 4K key,
and by when? TL;DR Yes, by 2030.

I hope our analysis is interesting for the member federations of eduGAIN.

We have taken the eduGAIN upstream feeds from the eduGAIN API [0] and
determined the cryptographic parameters of each. The data below presents the
triples (RSA key size, signature algorithm, digest algorithm) and the number
of eduGAIN upstream feeds which use that triple.

(2048, 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256', 'http://www.w3.org/2001/04/xmlenc#sha256'): 34
(3072, 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256', 'http://www.w3.org/2001/04/xmlenc#sha256'): 4
(4096, 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256', 'http://www.w3.org/2001/04/xmlenc#sha256'): 32
(4096, 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512', 'http://www.w3.org/2001/04/xmlenc#sha512'): 1

Given this data, I've collated security strengths as per tables 2 and 3 of
NIST SP 800-57 part 1 rev 5 [1] and the footnotes to table 1 in the
implementation guide for FIPS 140-2 [2] to determine:

- For the first triple, the key size of 2048 is the limiting factor. Strength
112.
- For the second triple, all three quantities have estimated strength 128.
- For the third triple, increasing the key size to 4K (strength 150 according
to the formula in [2]) does not increase the strength above 128 because the
algorithms limit strength to 128.
- For the last triple, the algorithms have strength > 256 and it's key size
that's the limiting factor again. Strength 150.

The UK federation feed is one of the 34 federations in the top line of the
data. Is that a bad thing? Not necessarily. We still conform to the eduGAIN
profile [3]. And NIST estimate that this is acceptable through 2030 (Table 4
of [1]).

We have a migration route to higher strength that is available by
transitioning to the 4K MDQ key. We intend to do this in the next couple of
years as we re-engineer our metadata publication toolchain.

We note that the Romanian federation uses SHA-512 algorithms in its eduGAIN
upstream and with its federation members (which include Shibboleth and
simpleSAMLphp entities) so there is a route to higher strength for our
eduGAIN upstream and domestically once we have transitioned to the 4K key.

Any comments, advice or gotchas gratefully received.

Regards,
Alex

[0] Documentation of eduGAIN database access API
https://technical.edugain.org/api

[1] Recommendation for key management
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf

[2] Implementation Guidance for FIPS 140-2 and the Cryptographic Module
Validation Program
https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/fips140-2/fips1402ig.pdf

[3] eduGAIN SAML profile
https://technical.edugain.org/doc/eduGAIN-saml-profile.pdf


Alex Stuart (he/him)
Technical Development Manager (Trust and Identity)
alex.stuart AT jisc.ac.uk
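
The weakest-component calculation described in the message, as an added example that is not part of the original post: key sizes listed in SP 800-57 part 1 use the table value, other sizes use the number field sieve estimate, which reproduces the 150 quoted for a 4096-bit key. Function and constant names are this example's own, and the hash strengths are the collision-resistance figures assumed from table 3 of [1].

```python
# Added example; function and constant names are illustrative.
import math
from collections import Counter

# RSA modulus size -> comparable strength in bits (SP 800-57 part 1, table 2).
RSA_TABLE = {2048: 112, 3072: 128, 7680: 192, 15360: 256}
# Hash strength inside a digital signature = collision resistance (table 3).
HASH_BITS = {"sha256": 128, "sha384": 192, "sha512": 256}

def rsa_strength(bits):
    """Table value where one exists, otherwise the GNFS work-factor estimate."""
    if bits in RSA_TABLE:
        return RSA_TABLE[bits]
    l = bits * math.log(2)
    x = (1.923 * l ** (1 / 3) * math.log(l) ** (2 / 3) - 4.69) / math.log(2)
    return round(x)

def hash_strength(uri):
    """Map an XML-DSig algorithm URI (e.g. ...#rsa-sha256) to hash strength."""
    name = uri.rsplit("#", 1)[-1].split("-")[-1].lower()
    if name not in HASH_BITS:
        raise ValueError(f"no strength recorded for algorithm {uri!r}")
    return HASH_BITS[name]

def triple_strength(key_bits, sig_uri, digest_uri):
    """Return (overall strength, names of the limiting components)."""
    parts = {"key": rsa_strength(key_bits),
             "signature": hash_strength(sig_uri),
             "digest": hash_strength(digest_uri)}
    overall = min(parts.values())
    return overall, [n for n, s in parts.items() if s == overall]

DSIG = "http://www.w3.org/2001/04/xmldsig-more#rsa-"
ENC = "http://www.w3.org/2001/04/xmlenc#"
# The four triples and feed counts quoted in the message.
FEEDS = {(2048, DSIG + "sha256", ENC + "sha256"): 34,
         (3072, DSIG + "sha256", ENC + "sha256"): 4,
         (4096, DSIG + "sha256", ENC + "sha256"): 32,
         (4096, DSIG + "sha512", ENC + "sha512"): 1}

def feeds_by_strength(feeds):
    totals = Counter()
    for triple, count in feeds.items():
        totals[triple_strength(*triple)[0]] += count
    return dict(totals)

if __name__ == "__main__":
    for triple in FEEDS:
        print(triple[0], *triple_strength(*triple))
```

An algorithm URI with no recorded strength (an rsa-sha1 signature, for instance) raises ValueError so that it is reviewed by hand instead of being scored silently.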








