Updates re MD5/SHA1 usage. (dotnet#2917)

TimShererWithAquent · Thraka · commit 7bc1ba24e9f9 · 2019-08-07T12:22:03.000-07:00
* Updates re MD5/SHA1 usage. * Update summary tag contents Per comments from @mairaw. * Update summary tag edits. Per feedback from @mairaw. * Move enum summary content to remarks.
diff --git a/xml/Microsoft.Build.Tasks.Deployment.ManifestUtilities/BaseReference.xml b/xml/Microsoft.Build.Tasks.Deployment.ManifestUtilities/BaseReference.xml
@@ -148,7 +148,7 @@
       <Docs>
         <summary>Gets or sets the SHA1 hash of the file.</summary>
         <value>A string indicating the SHA1 hash of the file.</value>
-        <remarks>To be added.</remarks>
+        <remarks>Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better.</remarks>
       </Docs>
     </Member>
     <Member MemberName="IsOptional">
diff --git a/xml/Mono.Security.Interface/HashAlgorithmType.xml b/xml/Mono.Security.Interface/HashAlgorithmType.xml
@@ -35,6 +35,7 @@
       <MemberValue>1</MemberValue>
       <Docs>
         <summary>To be added.</summary>
+        <remarks>Due to collision problems with SHA1, Microsoft recommends SHA256 or better.</remarks>
       </Docs>
     </Member>
     <Member MemberName="Md5Sha1">
@@ -55,6 +56,7 @@
       <MemberValue>254</MemberValue>
       <Docs>
         <summary>To be added.</summary>
+        <remarks>Due to collision problems with SHA1, Microsoft recommends SHA256 or better.</remarks>
       </Docs>
     </Member>
     <Member MemberName="None">
@@ -95,6 +97,7 @@
       <MemberValue>2</MemberValue>
       <Docs>
         <summary>To be added.</summary>
+        <remarks>Due to collision problems with SHA1, Microsoft recommends SHA256 or better.</remarks>
       </Docs>
     </Member>
     <Member MemberName="Sha224">
@@ -198,4 +201,4 @@
       </Docs>
     </Member>
   </Members>
-</Type>
+</Type>
diff --git a/xml/System.CodeDom/CodeChecksumPragma.xml b/xml/System.CodeDom/CodeChecksumPragma.xml
@@ -192,7 +192,7 @@
   
  The calculation of the checksum is language-specific. That is, the language vendor can use any of the hashing algorithms known to the debugger to calculate the checksum. The use of a GUID for this property provides hash algorithm extensibility.  
   
-   
+ Due to collision problems with SHA1 and MD5, Microsoft recommends a security model based on SHA256 or better.  
   
 ## Examples  
  The following code example shows the setting of the <xref:System.CodeDom.CodeChecksumPragma.ChecksumAlgorithmId%2A> property. This code example is part of a larger example provided for the <xref:System.CodeDom.CodeChecksumPragma> class.  
diff --git a/xml/System.Configuration.Assemblies/AssemblyHashAlgorithm.xml b/xml/System.Configuration.Assemblies/AssemblyHashAlgorithm.xml
@@ -122,7 +122,7 @@
       </ReturnValue>
       <MemberValue>0</MemberValue>
       <Docs>
-        <summary>A mask indicating that there is no hash algorithm. If you specify <see langword="None" /> for a multi-module assembly, the common language runtime defaults to the SHA1 algorithm, since multi-module assemblies need to generate a hash.</summary>
+        <summary>A mask indicating that there is no hash algorithm. If you specify <see langword="None" /> for a multi-module assembly, the common language runtime defaults to the SHA1 algorithm, since multi-module assemblies need to generate a hash. Due to collision problems with SHA1, Microsoft recommends SHA256.</summary>
       </Docs>
     </Member>
     <Member MemberName="SHA1">
diff --git a/xml/System.IO.Packaging/PackageDigitalSignatureManager.xml b/xml/System.IO.Packaging/PackageDigitalSignatureManager.xml
@@ -257,7 +257,9 @@
  The <xref:System.IO.Packaging.PackageDigitalSignatureManager.HashAlgorithm%2A> property gets or sets the actual hash algorithm this is used to create and verify signatures.  
   
  The <xref:System.IO.Packaging.PackageDigitalSignatureManager.DefaultHashAlgorithm%2A> property is typically used to reset the <xref:System.IO.Packaging.PackageDigitalSignatureManager.HashAlgorithm%2A> property back to default after a temporary change.  
-  
+
+ Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better.
+
  ]]></format>
         </remarks>
         <altmember cref="T:System.Security.Cryptography.Xml.SignedXml" />
@@ -324,7 +326,9 @@
  Unless explicitly set otherwise, this property gets the same value as <xref:System.IO.Packaging.PackageDigitalSignatureManager.DefaultHashAlgorithm%2A>.  
   
  The <xref:System.IO.Packaging.PackageDigitalSignatureManager.HashAlgorithm%2A> property is typically not changed from its default. This property must be changed only if a signature that uses a different known and accessible <xref:System.Security.Cryptography.HashAlgorithm> is encountered.  When finished with the signature that uses a different hash algorithm, call <xref:System.IO.Packaging.PackageDigitalSignatureManager.DefaultHashAlgorithm%2A> to reset the <xref:System.IO.Packaging.PackageDigitalSignatureManager.HashAlgorithm%2A> property back to default.  
-  
+
+ Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better.
+
  ]]></format>
         </remarks>
         <exception cref="T:System.ArgumentNullException">The string for the [!INCLUDE[TLA2#tla_uri](~/includes/tla2sharptla-uri-md.md)] to set is <see langword="null" />.</exception>
diff --git a/xml/System.IdentityModel.Tokens/InMemorySymmetricSecurityKey.xml b/xml/System.IdentityModel.Tokens/InMemorySymmetricSecurityKey.xml
@@ -219,7 +219,9 @@
   
 ## Remarks  
  To specify P-SHA1 as the cryptographic algorithm, use the <xref:System.IdentityModel.Tokens.SecurityAlgorithms.Psha1KeyDerivation> field.  
-  
+
+ Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better.
+
  ]]></format>
         </remarks>
         <exception cref="T:System.InvalidOperationException">
diff --git a/xml/System.IdentityModel.Tokens/SecurityAlgorithms.xml b/xml/System.IdentityModel.Tokens/SecurityAlgorithms.xml
@@ -289,7 +289,7 @@
       </ReturnValue>
       <Docs>
         <summary>Represents the P-SHA1 key generation algorithm. This field is constant.</summary>
-        <remarks>To be added.</remarks>
+        <remarks>Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better.</remarks>
       </Docs>
     </Member>
     <Member MemberName="Psha1KeyDerivationDec2005">
@@ -310,7 +310,7 @@
       </ReturnValue>
       <Docs>
         <summary>Represents the December 2007 version of the P-SHA1 key generation algorithm. This field is constant.</summary>
-        <remarks>To be added.</remarks>
+        <remarks>Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better.</remarks>
       </Docs>
     </Member>
     <Member MemberName="Ripemd160Digest">
@@ -373,7 +373,7 @@
       </ReturnValue>
       <Docs>
         <summary>Specifies a URI that points to the RSA-SHA1 cryptographic algorithm for digitally signing XML. This field is constant.</summary>
-        <remarks>To be added.</remarks>
+        <remarks>Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better.</remarks>
       </Docs>
     </Member>
     <Member MemberName="RsaSha256Signature">
@@ -436,7 +436,7 @@
       </ReturnValue>
       <Docs>
         <summary>Specifies a URI that points to the 160-bit SHA-1 digest algorithm. This field is constant.</summary>
-        <remarks>To be added.</remarks>
+        <remarks>Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better.</remarks>
       </Docs>
     </Member>
     <Member MemberName="Sha256Digest">
diff --git a/xml/System.IdentityModel.Tokens/SymmetricSecurityKey.xml b/xml/System.IdentityModel.Tokens/SymmetricSecurityKey.xml
@@ -80,6 +80,8 @@
   
 ## Remarks  
  To specify P-SHA1 as the cryptographic algorithm, use the <xref:System.IdentityModel.Tokens.SecurityAlgorithms.Psha1KeyDerivation> field.  
+
+ Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better.
   
  ]]></format>
         </remarks>
diff --git a/xml/System.IdentityModel.Tokens/X509AsymmetricSecurityKey.xml b/xml/System.IdentityModel.Tokens/X509AsymmetricSecurityKey.xml
@@ -162,7 +162,9 @@
   
 ## Remarks  
  Use the <xref:System.Security.Cryptography.Xml.SignedXml.XmlDsigDSAUrl>, <xref:System.Security.Cryptography.Xml.EncryptedXml.XmlEncRSA15Url>, <xref:System.Security.Cryptography.Xml.EncryptedXml.XmlEncRSAOAEPUrl>, <xref:System.Security.Cryptography.Xml.SignedXml.XmlDsigRSASHA1Url> or <xref:System.IdentityModel.Tokens.SecurityAlgorithms.RsaSha256Signature> fields to specify the `algorithm` parameter.  
-  
+
+ Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better.
+
  ]]></format>
         </remarks>
         <exception cref="T:System.NotSupportedException">
@@ -209,7 +211,9 @@
   
 ## Remarks  
  Use the <xref:System.Security.Cryptography.Xml.SignedXml.XmlDsigDSAUrl>, <xref:System.Security.Cryptography.Xml.SignedXml.XmlDsigRSASHA1Url> or <xref:System.IdentityModel.Tokens.SecurityAlgorithms.RsaSha256Signature> fields to specify the `algorithm` parameter.  
-  
+
+ Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better.
+
  ]]></format>
         </remarks>
         <exception cref="T:System.NotSupportedException">
@@ -289,7 +293,9 @@
   
 ## Remarks  
  Use the <xref:System.Security.Cryptography.Xml.SignedXml.XmlDsigDSAUrl>, <xref:System.Security.Cryptography.Xml.SignedXml.XmlDsigRSASHA1Url> or <xref:System.IdentityModel.Tokens.SecurityAlgorithms.RsaSha256Signature> fields to specify the `algorithm` parameter.  
-  
+
+ Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better.
+
  ]]></format>
         </remarks>
         <exception cref="T:System.NotSupportedException">The X.509 certificate specified in the constructor does not have a private key.  
@@ -357,7 +363,7 @@
         <summary>Gets a value that indicates whether the specified algorithm uses asymmetric keys.</summary>
         <returns>
           <see langword="true" /> when the specified algorithm is <see cref="F:System.IdentityModel.Tokens.SecurityAlgorithms.DsaSha1Signature" />, <see cref="F:System.IdentityModel.Tokens.SecurityAlgorithms.RsaSha1Signature" />, <see cref="F:System.IdentityModel.Tokens.SecurityAlgorithms.RsaSha256Signature" />, <see cref="F:System.IdentityModel.Tokens.SecurityAlgorithms.RsaOaepKeyWrap" />, or <see cref="F:System.IdentityModel.Tokens.SecurityAlgorithms.RsaV15KeyWrap" />; otherwise, <see langword="false" />.</returns>
-        <remarks>To be added.</remarks>
+        <remarks>Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better.</remarks>
       </Docs>
     </Member>
     <Member MemberName="IsSupportedAlgorithm">
@@ -393,7 +399,9 @@
 -   The `algorithm` parameter is <xref:System.Security.Cryptography.Xml.SignedXml.XmlDsigDSAUrl> and the public key for the X.509 certificate specified in the constructor is of type <xref:System.Security.Cryptography.DSA>.  
   
 -   The `algorithm` parameter is <xref:System.Security.Cryptography.Xml.EncryptedXml.XmlEncRSA15Url>, <xref:System.Security.Cryptography.Xml.EncryptedXml.XmlEncRSAOAEPUrl>, <xref:System.Security.Cryptography.Xml.SignedXml.XmlDsigRSASHA1Url> or <xref:System.IdentityModel.Tokens.SecurityAlgorithms.RsaSha256Signature> and the public key for the X.509 certificate specified in the constructor is of type <xref:System.Security.Cryptography.RSA>.  
-  
+
+Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better.
+
  ]]></format>
         </remarks>
       </Docs>
diff --git a/xml/System.IdentityModel/RsaEncryptionCookieTransform.xml b/xml/System.IdentityModel/RsaEncryptionCookieTransform.xml
@@ -228,7 +228,9 @@
 ## Remarks  
  SHA256 is the default algorithm. This may require a minimum platform of Windows Server 2003 and .NET 3.5 SP1.  
   
- If SHA256 is not supported, set the <xref:System.IdentityModel.RsaEncryptionCookieTransform.HashName%2A> property to "SHA1".  
+ If SHA256 is not supported, set the <xref:System.IdentityModel.RsaEncryptionCookieTransform.HashName%2A> property to "SHA1". 
+
+ Due to collision problems with SHA1, Microsoft recommends SHA256 or better. 
   
  ]]></format>
         </remarks>
diff --git a/xml/System.IdentityModel/RsaSignatureCookieTransform.xml b/xml/System.IdentityModel/RsaSignatureCookieTransform.xml
@@ -219,7 +219,9 @@
  SHA256 is the default algorithm. This may require a minimum operating system of [!INCLUDE[winxpsvr](~/includes/winxpsvr-md.md)] and .NET 3.5 SP1.  
   
  If SHA256 is not supported, set the <xref:System.IdentityModel.RsaSignatureCookieTransform.HashName%2A> property to "SHA1".  
-  
+
+ Due to collision problems with SHA1, Microsoft recommends SHA256 or better.
+
  ]]></format>
         </remarks>
       </Docs>
diff --git a/xml/System.Messaging/DefaultPropertiesToSend.xml b/xml/System.Messaging/DefaultPropertiesToSend.xml
@@ -432,7 +432,9 @@ myMessageQueue.DefaultPropertiesToSend.Label = "myLabel";
  The <xref:System.Messaging.DefaultPropertiesToSend.HashAlgorithm%2A> property identifies the hashing algorithm Message Queuing uses when authenticating messages or when creating a digital signature for a message.  
   
  Message Queuing on the source computer uses the hashing algorithm when creating a digital signature for a message. The target Queue Manager then uses the same hashing algorithm to authenticate the message when it is received.  
-  
+
+ Due to collision problems with MD5, Microsoft recommends SHA256.
+
  ]]></format>
         </remarks>
         <altmember cref="P:System.Messaging.DefaultPropertiesToSend.UseAuthentication" />
diff --git a/xml/System.Messaging/Message.xml b/xml/System.Messaging/Message.xml
@@ -1523,7 +1523,9 @@ if (myObject is float) {
   
 ## Remarks  
  On the source computer, Message Queuing uses the hashing algorithm when creating a digital signature for a message. The target Queue Manager then uses the same hashing algorithm to authenticate the message when it is received.  
-  
+
+ Due to collision problems with MD5 and SHA1, Microsoft recommends SHA256. 
+ 
  ]]></format>
         </remarks>
         <exception cref="T:System.InvalidOperationException">The message queue is filtered to ignore the <see cref="P:System.Messaging.Message.HashAlgorithm" /> property.</exception>
diff --git a/xml/System.Net.Http.Headers/HttpContentHeaders.xml b/xml/System.Net.Http.Headers/HttpContentHeaders.xml
@@ -234,7 +234,7 @@
       <Docs>
         <summary>Gets or sets the value of the <see langword="Content-MD5" /> content header on an HTTP response.</summary>
         <value>The value of the <see langword="Content-MD5" /> content header on an HTTP response.</value>
-        <remarks>To be added.</remarks>
+        <remarks>Due to collision problems with MD5, Microsoft recommends a security model based on SHA256 or better.</remarks>
       </Docs>
     </Member>
     <Member MemberName="ContentRange">
diff --git a/xml/System.Net/HttpRequestHeader.xml b/xml/System.Net/HttpRequestHeader.xml
@@ -548,7 +548,7 @@
       </ReturnValue>
       <MemberValue>16</MemberValue>
       <Docs>
-        <summary>The Content-MD5 header, which specifies the MD5 digest of the accompanying body data, for the purpose of providing an end-to-end message integrity check.</summary>
+        <summary>The Content-MD5 header, which specifies the MD5 digest of the accompanying body data, for the purpose of providing an end-to-end message integrity check. Due to collision problems with MD5, Microsoft recommends a security model based on SHA256 or better.</summary>
       </Docs>
     </Member>
     <Member MemberName="ContentRange">
diff --git a/xml/System.Net/HttpResponseHeader.xml b/xml/System.Net/HttpResponseHeader.xml
@@ -365,7 +365,7 @@
       </ReturnValue>
       <MemberValue>16</MemberValue>
       <Docs>
-        <summary>The Content-MD5 header, which specifies the MD5 digest of the accompanying body data, for the purpose of providing an end-to-end message integrity check.</summary>
+        <summary>The Content-MD5 header, which specifies the MD5 digest of the accompanying body data, for the purpose of providing an end-to-end message integrity check. Due to collision problems with MD5, Microsoft recommends a security model based on SHA256 or better.</summary>
       </Docs>
     </Member>
     <Member MemberName="ContentRange">
diff --git a/xml/System.Reflection/AssemblyHashAlgorithm.xml b/xml/System.Reflection/AssemblyHashAlgorithm.xml
@@ -45,6 +45,7 @@
       <MemberValue>32771</MemberValue>
       <Docs>
         <summary>To be added.</summary>
+        <remarks>Due to collision problems with MD5, Microsoft recommends SHA256.</remarks>
       </Docs>
     </Member>
     <Member MemberName="None">
@@ -95,6 +96,7 @@
       <MemberValue>32772</MemberValue>
       <Docs>
         <summary>To be added.</summary>
+        <remarks>Due to collision problems with SHA1, Microsoft recommends SHA256.</remarks>
       </Docs>
     </Member>
     <Member MemberName="Sha256">
@@ -173,4 +175,4 @@
       </Docs>
     </Member>
   </Members>
-</Type>
+</Type>
diff --git a/xml/System.Security.Authentication/HashAlgorithmType.xml b/xml/System.Security.Authentication/HashAlgorithmType.xml
@@ -77,6 +77,7 @@
       <MemberValue>32771</MemberValue>
       <Docs>
         <summary>The Message Digest 5 (MD5) hashing algorithm.</summary>
+        <remarks>Due to collision problems with MD5, Microsoft recommends SHA256.</remarks>
       </Docs>
     </Member>
     <Member MemberName="None">
@@ -143,6 +144,7 @@
       <MemberValue>32772</MemberValue>
       <Docs>
         <summary>The Secure Hashing Algorithm (SHA1).</summary>
+        <remarks>Due to collision problems with SHA1, Microsoft recommends SHA256.</remarks>
       </Docs>
     </Member>
     <Member MemberName="Sha256">
@@ -233,4 +235,4 @@
       </Docs>
     </Member>
   </Members>
-</Type>
+</Type>
diff --git a/xml/System.Security.Policy/Hash.xml b/xml/System.Security.Policy/Hash.xml
@@ -44,7 +44,9 @@
  A hash value represents a unique value that corresponds to a particular set of bytes. Rather than referring to an assembly by name, version, or other designation, a hash value designates the assembly without ambiguity. Names are subject to collisions in rare cases where the same name is given to completely different code. Different variations of code can accidentally be marked with the same version. However, even changing a single bit results in a very different hash value.  
   
  Hash values are a cryptographically secure way to refer to specific assemblies in policy without the use of digital signatures. A secure hash algorithm is designed so that it is computationally infeasible to construct a different assembly with the identical hash value by either an accidental or malicious attempt. By default, evidence from the <xref:System.Security.Cryptography.SHA1> and <xref:System.Security.Cryptography.MD5> hash algorithms is supported, although any hash algorithm can be used through <xref:System.Security.Policy.Hash.GenerateHash%2A>.  
-  
+
+ Due to collision problems with MD5 and SHA1, Microsoft recommends a security model based on SHA256 or better.
+
  ]]></format>
     </remarks>
   </Docs>
@@ -148,7 +150,9 @@
   
 ## Remarks  
  The returned <xref:System.Security.Policy.Hash> object contains only the <xref:System.Security.Policy.Hash.MD5%2A> property.  
-  
+
+ Due to collision problems with MD5, Microsoft recommends a security model based on SHA256 or better.
+
  ]]></format>
         </remarks>
         <exception cref="T:System.ArgumentNullException">The <paramref name="md5" /> parameter is <see langword="null" />.</exception>
@@ -189,7 +193,9 @@
   
 ## Remarks  
  The returned <xref:System.Security.Policy.Hash> object contains only the <xref:System.Security.Policy.Hash.SHA1%2A> property.  
-  
+
+ Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better.
+
  ]]></format>
         </remarks>
         <exception cref="T:System.ArgumentNullException">The <paramref name="sha1" /> parameter is <see langword="null" />.</exception>
@@ -361,7 +367,7 @@
 ## Remarks  
  The assembly specified in the class constructor provides the bytes for the hash computation.  
   
-   
+ Due to collision problems with MD5, Microsoft recommends SHA256. 
   
 ## Examples  
  The following example computes the <xref:System.Security.Cryptography.MD5> hash for `myAssembly` and stores it in `hashcode`.  
@@ -407,7 +413,7 @@
 ## Remarks  
  The assembly specified in the constructor provides the bytes for the hash computation.  
   
-   
+ Due to collision problems with SHA1, Microsoft recommends SHA256.  
   
 ## Examples  
  The following example computes the <xref:System.Security.Cryptography.SHA1> hash for `myAssembly` and stores it in `hashcode`.  
diff --git a/xml/System.ServiceModel.Security/Basic192SecurityAlgorithmSuite.xml b/xml/System.ServiceModel.Security/Basic192SecurityAlgorithmSuite.xml
@@ -79,7 +79,7 @@
       <Docs>
         <summary>Gets the default asymmetric signature algorithm, RsaSha1Signature.</summary>
         <value>The default asymmetric signature algorithm, RsaSha1Signature.</value>
-        <remarks>To be added.</remarks>
+        <remarks>Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better.</remarks>
       </Docs>
     </Member>
     <Member MemberName="DefaultCanonicalizationAlgorithm">
@@ -121,7 +121,7 @@
       <Docs>
         <summary>Gets the default digest algorithm, Sha1Digest.</summary>
         <value>The default digest algorithm, Sha1Digest.</value>
-        <remarks>To be added.</remarks>
+        <remarks>Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better.</remarks>
       </Docs>
     </Member>
     <Member MemberName="DefaultEncryptionAlgorithm">
@@ -247,7 +247,7 @@
       <Docs>
         <summary>Gets the default symmetric signature algorithm, HmacSha1Signature.</summary>
         <value>The default symmetric signature algorithm, HmacSha1Signature.</value>
-        <remarks>To be added.</remarks>
+        <remarks>Due to collision problems with SHA1, Microsoft recommends a security model based on SHA256 or better.</remarks>
       </Docs>
     </Member>
     <Member MemberName="IsAsymmetricKeyLengthSupported">
diff --git a/xml/System.ServiceModel.Security/Basic256SecurityAlgorithmSuite.xml b/xml/System.ServiceModel.Security/Basic256SecurityAlgorithmSuite.xml
diff --git a/xml/System.ServiceModel.Security/SecurityKeyEntropyMode.xml b/xml/System.ServiceModel.Security/SecurityKeyEntropyMode.xml
diff --git a/xml/System.ServiceModel.Security/TripleDesSecurityAlgorithmSuite.xml b/xml/System.ServiceModel.Security/TripleDesSecurityAlgorithmSuite.xml
diff --git a/xml/System.ServiceModel/MsmqSecureHashAlgorithm.xml b/xml/System.ServiceModel/MsmqSecureHashAlgorithm.xml
diff --git a/xml/System.ServiceModel/MsmqTransportSecurity.xml b/xml/System.ServiceModel/MsmqTransportSecurity.xml
