Draft minutes: 2007-05-29

From: Thomas Roessler <tlr@w3.org>
Date: Wed, 30 May 2007 13:28:54 +0100
To: public-xmlsec-maintwg@w3.org
Message-ID: <20070530122854.GA316@raktajino.does-not-exist.org>

Minutes below.  Thanks to Giles!
-- 
Thomas Roessler, W3C  <tlr@w3.org>






   [1]W3C 

                                   - DRAFT -

                         XML Sec Spec Maint WG Weekly

29 May 2007

   [2]Agenda

   See also: [3]IRC log

Attendees

   Present
          Giles Hogben
          Konrad Lanz
          Thomas Roessler
          Rob Miller
          Ed Simon
          Sean Mullan
          Juan Carlos Cruellas
          Richard Salz
          Greg Berezow

   Regrets
          Phillip Hallam Baker
          Frederick Hirsch
          Hal Lockhart

   Chair
          Thomas Roessler

   Scribe
          Giles Hogben

Contents

     * [4]Topics
         1. [5]Administrivia: scribe confirmation, next meeting
         2. [6]Review and approval of last meeting's minutes
         3. [7]Action item review
         4. [8]agenda bashing
         5. [9]Workshop planning
         6. [10]Current status of drafts: c14n issue with xml:base
         7. [11]Current status of drafts: DSig Core
         8. [12]Decryption Transform
         9. [13]signature encore
     * [14]Summary of Action Items
     _________________________________________________________________

   <tlr> Date: 2007-05-29

   <tlr> scribe: GilesHogben

   <tlr> ScribeNick: GilesHogben

Administrivia: scribe confirmation, next meeting

   <tlr> Next meeting: 5 June, Frederick to chair, Konrad to scribe

   Konrad will scribe next meeting

Review and approval of last meeting's minutes

   <tlr> [15]http://www.w3.org/2007/05/22-xmlsec-minutes

   No objections to minutes

   <tlr> RESOLUTION: minutes accepted

Action item review

   <scribe> Done - share transform that does not depend on input

   by Konrad

   <tlr> ACTION-6 done; discuss at future meeting

   <tlr> ACTION-26 continued

   action 6 done - discuss at future mission

agenda bashing

   add a brief excursion into C14N draft?

Workshop planning

   <tlr> ACTION-28 moot

   <tlr> ACTION-29 closed

   <trackbot-ng> Sorry... I don't know how to close ACTION yet

   <tlr> ACTION-30 closed

   <trackbot-ng> Sorry... I don't know how to close ACTION yet

   <tlr> [16]http://www.w3.org/2007/xmlsec/ws/cfp.html

   Call to be issued June 6 deadline for papers 14 Aug

   IETF has meeting in last week of July - so good for propaganda

   Review 2nd half of August

   Giles OK for PC work - 2nd HALF of Aug

   Ed should be OK but can't guarantee

   Konrad has time - position papers are from where?

   TLR should be within the group - there is some flexibility - you can write
   the posn paper early

   2nd half of Aug to review the pp's we already got and to negotiate the
   agenda

   Greg Whitehead Yes

   <gberezow> gberezow is ok with 2nd half august

   Sean - OK

   Rob OK

   JuanCarlos - Probably not (Holidays)

   can work before

   TLR critical mass for 2nd half Aug

   <scribe> pending availability of Frederick we should go for this schedule

   accepted

   <tlr> timeline seems ok, approved pending availability of Frederick

   <tlr> ACTION-30 done

   Action 30 closed

Current status of drafts: c14n issue with xml:base

   <tlr>
   [17]http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0044.html

   Konrad has sent a message to both wg's about xml-base

   TLR Who can review this issue for a discussion in next call

   <klanz2>
   [18]http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/att-0044/Apendix.html

   Konrad note appendix at bottom of message

   to see Delta - appended some test-cases

   above that is the correct version of the appendix

   would like someone who is going to implement to see if he/she agrees

   TLR is that appendix actually normative in C14N 1.1?

   Konrad not sure but would guess it is if implementations are required to use
   the same canonical output

   There is still some potential to elaborate on details.

   TLR Review before going into details

   <tlr> ACTION: salz to review Konrad's message re xml:base by next call
   [recorded in [19]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action01]

   <trackbot-ng> Created ACTION-35 - Review Konrad\'s message re xml:base by
   next call [on Rich Salz - due 2007-06-05].

   <tlr> ACTION: juan carlos to review KonraD's message re xml:base by next
   call [recorded in [20]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action02]

   <trackbot-ng> Sorry, couldn't find user - juan

   <EdS> I'm taking a quick look at c14n 1.1 CR and do not see any indication
   Appendix A is not normative.

   <tlr> ACTION: cruellas to review KonraD's message re xml:base by next call
   [recorded in [21]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action03]

   <trackbot-ng> Created ACTION-36 - Review KonraD\'s message re xml:base by
   next call [on Juan Carlos Cruellas - due 2007-06-05].

   <tlr> ACTION: sean to review Konrad's message re xml:base by next call
   [recorded in [22]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action04]

   <trackbot-ng> Created ACTION-37 - Review Konrad\'s message re xml:base by
   next call [on Sean Mullan - due 2007-06-05].

   <tlr> ACTION: ed to review Konrad's message re xml:base by next call
   [recorded in [23]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action05]

   <trackbot-ng> Created ACTION-38 - Review Konrad\'s message re xml:base by
   next call [on Ed Simon - due 2007-06-05].

   <tlr> substantive discussion deferred to next call

Current status of drafts: DSig Core

   <tlr> ACTION-33 closed

   <trackbot-ng> Sorry... I don't know how to close ACTION yet

   <tlr> ACTION-31, ACTION-32 closed

   Action 31 on Juan C to propose a reference processing modelling summary

   Sean to propose a different language for validator and generator part

   <tlr>
   [24]http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0042.html

   mostly done on ML. End of that thread see url above

   proposed slightly different text for the note

   is there any need for further discussion of this text

   or do we adopt the editor's draft accordingly

   Konrad do we get a new version of the redline doc?

   <EdS> A search on the word "normative" in c14n 1.1 CR reveals only 1
   instance -- that saying only the English version is normative. So it would
   appear the whole c14n 1.1 CR document, including the appendix, is normative.

   TLR Will send around the editor's draft

   have people looked at the text?

   would people prefer to see the editor's draft

   JCarlos agree with changes

   <tlr> juan carlos: fine

   <tlr> sean: looks fine

   <EdS> I looked at the text changes and they look fine to me.

   <tlr> ACTION: thomas to update editor's draft according to
   [25]http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0042.html
   [recorded in [26]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action06]

   <trackbot-ng> Created ACTION-39 - Update editor\'s draft according to
   [27]http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0042.html
   [on Thomas Roessler - due 2007-06-05].

   <tlr> ACTION-19 closed

   <trackbot-ng> Sorry... I don't know how to close ACTION yet

   <tlr>
   [28]http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0041.html

   Konrad: had a look at Gregor's message and proposed new text for bullets in
   section 2.

   please copy to chat

   <sean> please copy to chat

   <tlr>
   [29]http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0041.html

   I just try to be precise where DNames appear or not

   <klanz2> 2.

   <klanz2> * The |X509IssuerSerial| element, which contains an X.509

   <klanz2> issuer distinguished name/serial number pair. The X.509

   <klanz2> issuer distinguished name SHOULD be compliant with the DNAME

   <klanz2> encoding rules at the end of this section and the serial

   <klanz2> number is represented as a decimal integer,

   <klanz2> * The |X509SubjectName| element, which contains an X.509

   <klanz2> subject distinguished name that SHOULD be compliant with the

   <klanz2> DNAME encoding rules at the end of this section,

   Konrad concerned about & and opening tag bracket but as discussed with
   Thomas, this can be handled by saying it is text to be added

   Should it be done in CDATA section or by escaping?

   <klanz2> sorry lost the call

   <tlr>
   [30]http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0041.html

Decryption Transform

   <tlr> [31]http://www.w3.org/2007/xmlsec/Drafts/xmlenc-decrypt.html

   Frederick has done some basic edits

   <tlr>
   [32]http://www.w3.org/2007/xmlsec/Drafts/xmlenc-decrypt.html#sec-xml-processing

   first set of edits in processing rules section

   there is a definition of decrypt XML and second subpoint of second step
   deals with inheritance

   <klanz2> go ahead

   <klanz2> sure

   please paste into IRC (proposed change)

   <tlr> If a node-set is replacing an element from N whose parent element is
   not in N, then its apex elements MUST inherit xml:lang and xml:space
   attributes associated with the XML namespace from the parent element, such
   as [XML-C14N11]. The xml:base, xml:lang and xml:space attribute from the XML
   namespace MUST be processed as specified in Canonical XML 1.

   Decrypt algorithm in sec 3.1 - main proposed change to replace explicit
   mention of certain specific attributes according to C14N 1.1

   <tlr> "As a result, D for N is a node-set consisting ..."

   In 3.3, below examples is an editorial change to fix erratum 1.

   In 3.4.2, inheriting attributes - ref to C14N - any comments?

   TLR propose that at next meeting we propose this draft become last call

   <klanz2>
   [33]http://lists.w3.org/Archives/Public/xml-encryption/2005Mar/0000.html

   <klanz2>
   [34]http://lists.w3.org/Archives/Public/xml-encryption/2005Mar/0001.html

   Konrad: is this the guy who actually found the problem (see URL) - could we
   get back to him with some feedback

   on how we fixed it

   TLR: yes good idea

   <tlr> ACTION: klanz2 to contact CAO Yongsheng confirming treatment of E1 in
   Decryption Transform [recorded in [35]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action07]

   <trackbot-ng> Created ACTION-40 - Contact CAO Yongsheng confirming treatment
   of E1 in Decryption Transform [on Konrad Lanz - due 2007-06-05].

   TLR no comments and no objections to Frederick's changes on Decrypt
   transform

   propose we issue this version with updated namespace URI's

   <tlr> as LC WD at next meeting

   if anyone wants to raise review comments, do so next week

signature encore

   <tlr>
   [36]http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0041.html

   1st bullet step 2 - is basically done

   inside the X509 issuer there is a serial

   there are 2 values inside - one the DName, the other the SNumber

   the previous text was not very concise about this

   but only the DName is affected - just clarified what was affected

   next message was the test case - a challenging DName

   Sean 1st bullet of second - second sentence is a runon - would just say

   <tlr> "The X.509 issuer distinguished name SHOULD be compliant with the
   DNAME encoding rules at the end of this section. The serial number is
   represented as a decimal integer."

   konrad: The test case - tried to get all escapable chars in and RFC 2253
   compliant

   paste into XML problem with &

   maybe we need to make explicit the need to escape &

   give guidance on whether to escape or put into CDATA

   as long as people don't touch it until verification it won't affect a lot

   in many cases the keyinfo is not signed but in some cases it is

   not sure if it's really a problem

   Konrad you can identify the key either by supplying it as a cert

   just needs to be identified, and can also be signed to ensure
   non-substitution

   when you're identifying it you have to do it in CDATA - otherwise you break
   the XML

   Sean: I'll take an action to look at what our implementation does

   <tlr> ACTION: sean to check his implementation wrt DNAME erratum [recorded
   in [37]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action08]

   <trackbot-ng> Created ACTION-41 - Check his implementation wrt DNAME erratum
   [on Sean Mullan - due 2007-06-05].

   TLR worth having a look at testcase

   JC: Looks like there was a common view that the text of the Dname should be
   put in a CDATA section

   but reading the text, it clearly speaks about escaping & and "-"

   i.e. the text is saying to escape it in the XML - not in CDATA

   values may be used for comparing values of DName by other apps - like Xades
   [?]

   In order to check if the cert used for generating the sig is the one
   referenced

   you have to check the one used with the DName string

   so it may break an app

   <tlr> Also, strings in DNames (X509IssuerSerial,X509SubjectName, and KeyName
   if appropriate) should be encoded as follows:

   TLR: this is not an encoding which deals with making it XML Safe - it's to do
   with backslash character

   so can't see in rec text that there is entity encoding explicitly

   Konrad: also has same perception as JC

   a lot of people seem to interpret it that way

   in a lot of cases where encoding of entities is needed, it's done rather
   than being put into CDATA section

   the spec is silent about what should happen

   TLR: isn't that silence the right thing

   q

   Sean: Silence is not the right thing

   <EdS> Suggest we continue the discussion on /2007May/0041.html next week so
   we can think about this more over the week.

   <tlr> +1 to ed

   Konrad - silence would be good if it would canonicalize

   but don't see how strings in XML are to be canonicalised if signed

   rather have it robust than lose canonicalisation

   TLR: There is a canonicalisation step before things are signed and hashed

   Action is on JC and Konrad to come up with an example where the current
   silence can break an app

   <tlr> ACTION: cruellas to produce example for breakage due to current E01
   language [recorded in [38]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action09]

   <trackbot-ng> Created ACTION-42 - Produce example for breakage due to
   current E01 language [on Juan Carlos Cruellas - due 2007-06-05].

   JC: agrees

   <tlr> ACTION: klanz to produce example for breakage due to current E01
   language [recorded in [39]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action10]

   <trackbot-ng> Sorry, couldn't find user - klanz

   Konrad: agrees

   <klanz2> [40]http://www.w3.org/TR/xml-c14n11/ (section 1.1 says CDATA
   sections are replaced with their character content)

   <tlr> rragent, please draft minutes

   <klanz2> can I listen in

Summary of Action Items

   [NEW] ACTION: cruellas to produce example for breakage due to current E01
   language [recorded in [41]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action09]
   [NEW] ACTION: cruellas to review KonraD's message re xml:base by next call
   [recorded in [42]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action03]
   [NEW] ACTION: ed to review Konrad's message re xml:base by next call
   [recorded in [43]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action05]
   [NEW] ACTION: juan carlos to review KonraD's message re xml:base by next
   call [recorded in [44]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action02]
   [NEW] ACTION: klanz to produce example for breakage due to current E01
   language [recorded in [45]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action10]
   [NEW] ACTION: klanz2 to contact CAO Yongsheng confirming treatment of E1 in
   Decryption Transform [recorded in [46]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action07]
   [NEW] ACTION: salz to review Konrad's message re xml:base by next call
   [recorded in [47]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action01]
   [NEW] ACTION: sean to check his implementation wrt DNAME erratum [recorded
   in [48]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action08]
   [NEW] ACTION: sean to review Konrad's message re xml:base by next call
   [recorded in [49]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action04]
   [NEW] ACTION: thomas to update editor's draft according to
   [50]http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0042.html
   [recorded in [51]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action06]

   [End of minutes]
     _________________________________________________________________


    Minutes formatted by David Booth's [52]scribe.perl version 1.128 ([53]CVS
    log)
    $Date: 2007/05/30 12:28:01 $

References

   1. http://www.w3.org/
   2. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0045.html
   3. http://www.w3.org/2007/05/29-xmlsec-irc
   4. file://localhost/home/roessler/W3C/WWW/2007/05/29-xmlsec-minutes.html#agenda
   5. file://localhost/home/roessler/W3C/WWW/2007/05/29-xmlsec-minutes.html#item01
   6. file://localhost/home/roessler/W3C/WWW/2007/05/29-xmlsec-minutes.html#item02
   7. file://localhost/home/roessler/W3C/WWW/2007/05/29-xmlsec-minutes.html#item03
   8. file://localhost/home/roessler/W3C/WWW/2007/05/29-xmlsec-minutes.html#item04
   9. file://localhost/home/roessler/W3C/WWW/2007/05/29-xmlsec-minutes.html#item05
  10. file://localhost/home/roessler/W3C/WWW/2007/05/29-xmlsec-minutes.html#item06
  11. file://localhost/home/roessler/W3C/WWW/2007/05/29-xmlsec-minutes.html#item07
  12. file://localhost/home/roessler/W3C/WWW/2007/05/29-xmlsec-minutes.html#item08
  13. file://localhost/home/roessler/W3C/WWW/2007/05/29-xmlsec-minutes.html#item09
  14. file://localhost/home/roessler/W3C/WWW/2007/05/29-xmlsec-minutes.html#ActionSummary
  15. http://www.w3.org/2007/05/22-xmlsec-minutes
  16. http://www.w3.org/2007/xmlsec/ws/cfp.html
  17. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0044.html
  18. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/att-0044/Apendix.html
  19. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action01
  20. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action02
  21. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action03
  22. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action04
  23. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action05
  24. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0042.html
  25. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0042.html
  26. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action06
  27. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0042.html
  28. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0041.html
  29. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0041.html
  30. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0041.html
  31. http://www.w3.org/2007/xmlsec/Drafts/xmlenc-decrypt.html
  32. http://www.w3.org/2007/xmlsec/Drafts/xmlenc-decrypt.html#sec-xml-processing
  33. http://lists.w3.org/Archives/Public/xml-encryption/2005Mar/0000.html
  34. http://lists.w3.org/Archives/Public/xml-encryption/2005Mar/0001.html
  35. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action07
  36. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0041.html
  37. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action08
  38. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action09
  39. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action10
  40. http://www.w3.org/TR/xml-c14n11/
  41. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action09
  42. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action03
  43. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action05
  44. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action02
  45. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action10
  46. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action07
  47. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action01
  48. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action08
  49. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action04
  50. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0042.html
  51. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action06
  52. http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
  53. http://dev.w3.org/cvsweb/2002/scribe/
Received on Wednesday, 30 May 2007 12:29:05 GMT
