我向MS支持提出了这个问题。 Q& A是 http： //social.msdn.microsoft.com/Forums/en-US/wcf/thread/a1e74f4b-9469-43bb-9e91-4d524bee6ceb 。滚动到最后，在那里我能够获得支持人员专门公开回答。

简短的答案是不，本文中描述的技术不影响基于X.509证书的消息级安全性。

的确，WCF堆栈特别受到攻击的保护，因为无法加密 - 只有交通。该漏洞影响仅加密，但不影响加密签名。 http://msdn.microsoft.com/的说明en-us / library / system.net.security.protectionlevel.aspx 描述了MS WCF允许的内容。 WCF甚至不会接受加密流量。

尽管基准W3C加密规范的问题不够紧张，但我认为在Axis2空间中真正存在的面对漏洞 - 我希望MS可以通过AES-GCM而不是AES-CBC对WCF进行加密，这样它就可以加密。

鉴于CBC攻击的成功，似乎CBC的日子应该在生产系统中编号。

A "practical attack against XML's cipher block chaining (CBC) mode" has been demonstrated:

http://www.informationweek.com/news/security/vulnerabilities/231901532

My question is this: Does this affect WCF's X.509 certificate-based message-level security?

Thanks in advance.

I had posed this very question to MS Support. The Q&A is http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/a1e74f4b-9469-43bb-9e91-4d524bee6ceb. Scroll to the end, where I was able to enlist the support people to specifically answer publicly.

The short answer is NO, the technique described in the paper does NOT affect X.509 certificate-based message-level security.

Indeed, the WCF stack is specifically protected from the attack because it is not possible to Encrypt-Only traffic. The vulnerability affects Encrypt-Only, but does not affect Encrypted-And-Signed. The description at http://msdn.microsoft.com/en-us/library/system.net.security.protectionlevel.aspx describes what MS WCF allows. WCF will not even accept Encrypted-Only traffic.

Though there seeems to be a problem with the base W3C Encryption Spec in not being tight enough, I think the real in-our-face vulnerability is in the Axis2 space - where it is possible to Encrypt-Only.

I do wish MS would let WCF encrypt via the AES-GCM instead of AES-CBC. Given the success of the CBC attack, it does seem like CBC's days should be numbered in production systems.