Re: Important: Updated XML Signature 1.1 Editors Draft - Please review

From: Sean Mullan <Sean.Mullan@Sun.COM>
Date: Fri, 18 Dec 2009 10:47:14 -0500
To: Frederick Hirsch <frederick.hirsch@nokia.com>
Cc: XMLSec WG Public List <public-xmlsec@w3.org>
Message-id: <4B2BA402.8070406@sun.com>

In Security considerations regarding RSA key sizes:

"XML Security 1.1 implementations should use ..."

s/Security/Signature

Frederick Hirsch wrote:
> I have updated the XML Signature 1.1 Editors draft, please review it for 
> correctness and completeness before our 5 January call.
> 
> http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.htm
> 
> I have reviewed all the changes since converting to ReSpec and corrected 
> all the errors found. You can see the changes since the conversion in a 
> redline I created [1].
> 
> I have also successfully run it through the W3C validator and link 
> checker tools, again correcting all errors found. (ACTION-478). There 
> are some redirects remaining that we may consider for additional link 
> updates.
> 
> I also incorporated the following changes agreed in the WG:
> 
> ACTION-464, MgmtData change, reflecting review edits, changed title of 
> 4.5.8
> 
> ACTION-466 Incorporate RSA key size text into document
> 
> ACTION-467 Add action-404 proposal into editors draft, history why 
> DERKeyValue is not child of KeyValue
> 
> ACTION-470 Change "see below" to link to section 6.2 in xml sig 1.1 
> (changed in a number of places)
> 
> ACTION-471 Add SHA-1 warning to 6.2.1 and fix DSS reference in sig 1.1
> 
> I made a minor change to the RSA key size text [2], changing
> 
> "This XML Signature 1.1 revision REQUIRES all conforming implementations 
> to support RSA signature generation and verification with public keys at 
> least 2048 bits in length. "
> 
> to
> 
> "All conforming implementations of XML Signature 1.1 MUST support RSA 
> signature generation and verification with public keys at least 2048 
> bits in length. "
> 
> The reason was to be able to use RFC2119 keyword MUST.
> 
> I updated the redline from XML Signature 2nd Edition [3].
> 
> Please review carefully as we plan to bring XML Signature 1.1 to Last 
> Call, deciding on 5 January meeting.
> 
> regards, Frederick
> 
> Frederick Hirsch
> Nokia
> 
> [1] http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/snapshots/Overview-Respec-diff.html
> 
> [2] http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.htm#sec-PKCS1
> 
> [3] http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview_diff.htm
Received on Friday, 18 December 2009 15:48:02 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 18 December 2009 15:48:03 GMT