W3C home > Mailing lists > Public > public-xmlsec@w3.org > December 2009

Re: Important: Updated XML Signature 1.1 Editors Draft - Please review

From: Frederick Hirsch <Frederick.Hirsch@nokia.com>
Date: Fri, 18 Dec 2009 13:26:19 -0500
Cc: Frederick Hirsch <Frederick.Hirsch@nokia.com>, XMLSec WG Public List <public-xmlsec@w3.org>
Message-Id: <ABB5C923-103F-4565-9D2E-57A7CD8ECC79@nokia.com>
To: ext Sean Mullan <Sean.Mullan@Sun.COM>
> In Security considerations regarding RSA key sizes:
>
> "XML Security 1.1 implementations should use ..."
>
> s/Security/Signature

Fixed. Thanks for noticing this Sean.

regards, Frederick

Frederick Hirsch
Nokia



On Dec 18, 2009, at 10:47 AM, ext Sean Mullan wrote:

> In Security considerations regarding RSA key sizes:
>
> "XML Security 1.1 implementations should use ..."
>
> s/Security/Signature
>
> Frederick Hirsch wrote:
>> I have updated the XML Signature 1.1 Editors draft, please review  
>> it for
>> correctness and completeness before our 5 January call.
>>
>> http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.htm
>>
>> I have reviewed all the changes since converting to ReSpec and  
>> corrected
>> all the errors found. You can see the  changes since the conversion  
>> in a
>> redline I created [1].
>>
>> I have also successfully run it through the W3C validator and link
>> checker tools, again correcting all errors found. (ACTION-478). There
>> are some redirects remaining that we may consider for additional link
>> updates.
>>
>> I also incorporated the following changes agreed in the WG:
>>
>> ACTION-464, MgmtData change, reflecting review edits, changed title  
>> of
>> 4.5.8
>>
>> ACTION-466 Incorporate RSA key size text into document
>>
>> ACTION-467 Add action-404 proposal into editors draft, history why
>> DERKeyValue is not child of KeyValue
>>
>> ACTION-470 Change "see below" to link to section 6.2 in xml sig 1.1
>> (changed in a number of places)
>>
>> ACTION-471 Add SHA-1 warning to 6.2.1 and fix DSS reference in sig  
>> 1.1
>>
>> I made a minor change to the RSA key size text [2], changing
>>
>> "This XML Signature 1.1 revision REQUIRES all conforming  
>> implementations
>> to support RSA signature generation and verification with public  
>> keys at
>> least 2048 bits in length. "
>>
>> to
>>
>> "All conforming implementations of XML Signature 1.1 MUST support RSA
>> signature generation and verification with public keys at least 2048
>> bits in length. "
>>
>> The reason was to be able to use RFC2119 keyword MUST.
>>
>> I updated the redline from XML Signature 2nd Edition [3].
>>
>> Please review carefully as we plan to bring XML Signature 1.1 to Last
>> Call, deciding on 5 January meeting.
>>
>> regards, Frederick
>>
>> Frederick Hirsch
>> Nokia
>>
>> [1]
>> http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/snapshots/Overview-Respec-diff.html
>>
>>
>> [2]
>> http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.htm#sec-PKCS1
>>
>> [3] http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview_diff.htm
>>
>>
>>
>
Received on Friday, 18 December 2009 18:29:44 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 18 December 2009 18:29:45 GMT