
edugain-discuss - Re: [eduGAIN-discuss] Cryptographic strength of UK federation eduGAIN upstream

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

  • From: Nicole Roy <nroy AT internet2.edu>
  • To: Alex Stuart <Alex.Stuart AT jisc.ac.uk>
  • Cc: "edugain-discuss AT lists.geant.org" <edugain-discuss AT lists.geant.org>
  • Subject: Re: [eduGAIN-discuss] Cryptographic strength of UK federation eduGAIN upstream
  • Date: Tue, 7 Jun 2022 14:58:15 +0000

Thanks! See you in Trieste!

> On Jun 7, 2022, at 2:43 AM, Alex Stuart <Alex.Stuart AT jisc.ac.uk> wrote:
>
> Hi Nicole, I'm giving a UK federation update at the REFEDS meeting so will
> mention this. I'm around until the TNC closing plenary on Thursday & happy
> to chat informally during the week.
>
> Alex
>
>> On 3 Jun 2022, at 16:11, Nicole Roy <nroy AT internet2.edu> wrote:
>>
>> Thanks Alex, this is really good/important information. I’m wondering if
>> this might be a good thing to discuss at, say, the upcoming REFEDS meeting?
>>
>> Nicole R
>>
>>> On Jun 3, 2022, at 8:47 AM, Alex Stuart <Alex.Stuart AT jisc.ac.uk> wrote:
>>>
>>> Dear Colleagues,
>>>
>>> We in the UK federation team are reviewing the cryptographic strength of
>>> our metadata publication service. Integrity & authenticity of our
>>> aggregates (including our eduGAIN upstream feed) is provided by a 2K RSA
>>> key, SHA-256 signature and digest algorithms. We are using a 4K RSA key
>>> in our MDQ service, and considered the questions: should we be migrating
>>> to the 4K key, and by when? TL;DR Yes, by 2030.
>>>
>>> I hope our analysis is interesting for the member federations of eduGAIN.
>>>
>>> We have taken the eduGAIN upstream feeds from the eduGAIN API [0] and
>>> determined the cryptographic parameters of each. The data below presents
>>> the triples (RSA key size, signature algorithm, digest algorithm) and the
>>> number of eduGAIN upstream feeds which use that triple.
>>>
>>> (2048, 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
>>> 'http://www.w3.org/2001/04/xmlenc#sha256'): 34
>>> (3072, 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
>>> 'http://www.w3.org/2001/04/xmlenc#sha256'): 4
>>> (4096, 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
>>> 'http://www.w3.org/2001/04/xmlenc#sha256'): 32
>>> (4096, 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512',
>>> 'http://www.w3.org/2001/04/xmlenc#sha512'): 1
>>>
>>> Given this data, I've collated security strengths as per tables 2 and 3
>>> of NIST SP 800-57 part 1 rev 5 [1] and the footnotes to table 1 in the
>>> implementation guide for FIPS 140-2 [2] to determine:
>>>
>>> - For the first triple, the key size of 2048 is the limiting factor.
>>> Strength 112.
>>> - For the second triple, all three quantities have estimated strength 128.
>>> - For the third triple, increasing the key size to 4K (strength 150
>>> according to the formula in [2]) does not increase the strength above 128
>>> because the algorithms limit strength to 128.
>>> - For the last triple, the algorithms have strength > 256 and it's key
>>> size that's the limiting factor again. Strength 150.
>>>
>>> The UK federation feed is one of the 34 federations in the top line of
>>> the data. Is that a bad thing? Not necessarily. We still conform to the
>>> eduGAIN profile [3]. And NIST estimate that this is acceptable through
>>> 2030 (Table 4 of [1]).
>>>
>>> We have a migration route to higher strength that is available by
>>> transitioning to the 4K MDQ key. We intend to do this in the next couple
>>> of years as we re-engineer our metadata publication toolchain.
>>>
>>> We note that the Romanian federation uses SHA-512 algorithms in its
>>> eduGAIN upstream and with its federation members (which include
>>> Shibboleth and simpleSAMLphp entities) so there is a route to higher
>>> strength for our eduGAIN upstream and domestically once we have
>>> transitioned to the 4K key.
>>>
>>> Any comments, advice or gotchas gratefully received.
>>>
>>> Regards,
>>> Alex
>>>
>>> [0] Documentation of eduGAIN database access API
>>> https://technical.edugain.org/api
>>>
>>> [1] Recommendation for key management
>>> https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf
>>>
>>> [2] Implementation Guidance for FIPS 140-2 and the Cryptographic Module
>>> Validation Program
>>> https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/fips140-2/fips1402ig.pdf
>>>
>>> [3] eduGAIN SAML profile
>>> https://technical.edugain.org/doc/eduGAIN-saml-profile.pdf
>>>
>>> —
>>> Alex Stuart (he/him)
>>> Technical Development Manager (Trust and Identity)
>>> alex.stuart AT jisc.ac.uk
>>
>
>
> Alex Stuart (he/him)
> Technical Development Manager (Trust and Identity)
> alex.stuart AT jisc.ac.uk
>
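
The strength comparison in Alex Stuart's quoted analysis, worked through as an added example that is not part of the original thread: each triple's strength is the minimum over the key, the signature hash and the digest hash. The 2048 and 3072 bit values and the hash values are the SP 800-57 table figures; `rsa_strength` otherwise uses the estimate formula from the FIPS 140-2 implementation guidance cited as [2], and rounding it to an integer is an assumption of this example.

```python
import math
from collections import Counter

SIG = "http://www.w3.org/2001/04/xmldsig-more#rsa-"
DIG = "http://www.w3.org/2001/04/xmlenc#"

# RSA strengths from SP 800-57 part 1 table 2 for the sizes it lists.
RSA_TABLE = {2048: 112, 3072: 128}
# Collision-resistance strength of the hash named by each algorithm URI
# (SP 800-57 part 1 table 3; 256 is the lower bound given for SHA-512).
HASH_STRENGTH = {SIG + "sha256": 128, DIG + "sha256": 128,
                 SIG + "sha512": 256, DIG + "sha512": 256}

def rsa_strength(bits):
    """Table value where one exists, otherwise the estimate formula from [2]."""
    if bits in RSA_TABLE:
        return RSA_TABLE[bits]
    n = bits * math.log(2)
    x = (1.923 * n ** (1 / 3) * (math.log(n) ** 2) ** (1 / 3) - 4.69) / math.log(2)
    return round(x)  # rounding to the nearest integer is this example's choice

def triple_strength(bits, sig_uri, digest_uri):
    """Return (effective strength, sorted names of the limiting factors)."""
    # An unknown algorithm URI raises KeyError instead of being guessed at.
    parts = {"key": rsa_strength(bits),
             "signature": HASH_STRENGTH[sig_uri],
             "digest": HASH_STRENGTH[digest_uri]}
    weakest = min(parts.values())
    return weakest, sorted(k for k, v in parts.items() if v == weakest)

# The four triples and feed counts as listed in the quoted post.
FEEDS = {
    (2048, SIG + "sha256", DIG + "sha256"): 34,
    (3072, SIG + "sha256", DIG + "sha256"): 4,
    (4096, SIG + "sha256", DIG + "sha256"): 32,
    (4096, SIG + "sha512", DIG + "sha512"): 1,
}

def feeds_by_strength(feeds):
    """Number of upstream feeds at each effective security strength."""
    tally = Counter()
    for triple, count in feeds.items():
        tally[triple_strength(*triple)[0]] += count
    return dict(tally)

if __name__ == "__main__":
    for triple, count in FEEDS.items():
        print(triple[0], triple_strength(*triple), count)
    print(feeds_by_strength(FEEDS))
```
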
