An open discussion list for topics related to the eduGAIN interfederation service.

[Nicole Roy <nroy AT internet2.edu>]

Thanks Alex, this is really good/important information. I’m wondering if this 
might be a good thing to discuss at, say, the upcoming REFEDS meeting?

Nicole R

> On Jun 3, 2022, at 8:47 AM, Alex Stuart <Alex.Stuart AT jisc.ac.uk> wrote:
> 
> Dear Colleagues,
> 
> We in the UK federation team are reviewing the cryptographic strength of 
> our metadata publication service. Integrity & authenticity of our 
> aggregates (including our eduGAIN upstream feed) is provided by a 2K RSA 
> key, SHA-256 signature and digest algorithms. We are using a 4K RSA key in 
> our MDQ service, and considered the questions: should we be migrating to 
> the 4K key, and by when? TL;DR Yes, by 2030.
> 
> I hope our analysis is interesting for the member federations of eduGAIN.
> 
> We have taken the eduGAIN upstream feeds from the eduGAIN API [0] and 
> determined the cryptographic parameters of each. The data below presents 
> the triples (RSA key size, signature algorithm, digest algorithm) and the 
> number of eduGAIN upstream feeds which use that triple.
> 
> (2048, 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256', 
> 'http://www.w3.org/2001/04/xmlenc#sha256'): 34
> (3072, 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256', 
> 'http://www.w3.org/2001/04/xmlenc#sha256'): 4
> (4096, 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256', 
> 'http://www.w3.org/2001/04/xmlenc#sha256'): 32
> (4096, 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512', 
> 'http://www.w3.org/2001/04/xmlenc#sha512'): 1
> 
> Given this data, I've collated security strengths as per tables 2 and 3 of 
> NIST SP 800-57 part 1 rev 5 [1] and the footnotes to table 1 in the 
> implementation guide for FIPS 140-2 [2] to determine:
> 
> - For the first triple, the key size of 2048 is the limiting factor. 
> Strength 112.
> - For the second triple, all three quantities have estimated strength 128.
> - For the third triple, increasing the key size to 4K (strength 150 
> according to the formula in [2]) does not increase the strength above 128 
> because the algorithms limit strength to 128
> - For the last triple, the algorithms have strength > 256 and it's key size 
> that's the limiting factor again. Strength 150.
> 
> The UK federation feed is one of the 34 federations in the top line of the 
> data. Is that a bad thing? Not necessarily. We still conform to the eduGAIN 
> profile [3]. And NIST estimate that this is acceptable through 2030 (Table 
> 4 of [1]).
> 
> We have a migration route to higher strength that is available by 
> transitioning to the 4K MDQ key. We intend to do this in the next couple of 
> years as we re-engineer our metadata publication toolchain.
> 
> We note that the Romanian federation uses SHA-512 algorithms in its eduGAIN 
> upstream and with its federation members (which include Shibboleth and 
> simpleSAMLphp entities) so there is a route to higher strength for our 
> eduGAIN upstream and domestically once we have transitioned to the 4K key.
> 
> Any comments, advice or gotchas gratefully received.
> 
> Regards,
> Alex
> 
> [0] Documentation of eduGAIN database access API
> https://technical.edugain.org/api
> 
> [1] Recommendation for key management
> https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf
> 
> [2] Implementation Guidance for FIPS 140-2 and the Cryptographic Module 
> Validation Program
> https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/fips140-2/fips1402ig.pdf
> 
> [3] eduGAIN SAML profile
> https://technical.edugain.org/doc/eduGAIN-saml-profile.pdf
> 
> —
> Alex Stuart (he/him)
> Technical Development Manager (Trust and Identity)
> alex.stuart AT jisc.ac.uk
> 
> 
> 
> 
> 
> 
> 
> 
> 
> Jisc is a registered charity (number 1149740) and a company limited by 
> guarantee which is registered in England under company number. 05747339, 
> VAT number GB 197 0632 86. Jisc’s registered office is: 4 Portwall Lane, 
> Bristol, BS1 6NB. T 0203 697 5800.
> 
> 
> Jisc Services Limited is a wholly owned Jisc subsidiary and a company 
> limited by guarantee which is registered in England under company number 
> 02881024, VAT number GB 197 0632 86. The registered office is: 4 Portwall 
> Lane, Bristol, BS1 6NB. T 0203 697 5800.
> 
> 
> Jisc Commercial Limited is a wholly owned Jisc subsidiary and a company 
> limited by shares which is registered in England under company number 
> 09316933, VAT number GB 197 0632 86. The registered office is: 4 Portwall 
> Lane, Bristol, BS1 6NB. T 0203 697 5800.
> 
> 
> For more details on how Jisc handles your data see our privacy notice here: 
> https://www.jisc.ac.uk/website/privacy-notice

Attachment: signature.asc
Description: Message signed with OpenPGP