- From: Frederick Hirsch <frederick.hirsch@nokia.com>
- Date: Mon, 6 Jul 2009 11:25:33 -0400
- To: XMLSec WG Public List <public-xmlsec@w3.org>
- Cc: Frederick Hirsch <frederick.hirsch@nokia.com>
Agenda: W3C XML Security WG (XMLSec)
Teleconference 7 July 2009
Distributed Meeting #35
10-12:00 am Eastern Time
Information on meeting times in various time zones:
http://www.w3.org/2008/xmlsec/Group/Overview.html#phone
Zakim Bridge:
+1.617.761.6200 conference code 965732# ('XMLSEC')
IRC Chat:
irc.w3.org (port 6665), #xmlsec
Web-based IRC (member-only):
<http://cgi.w3.org/member-bin/irc/irc.cgi>
Please note that attendance of XMLSEC WG teleconferences is
restricted to registered WG participants and persons invited by the
chair.
Publication Status available at
http://www.w3.org/2008/xmlsec/wiki/PublicationStatus
Chair: Frederick Hirsch
Regrets: Thomas Roessler, Ed Simon
see http://www.w3.org/2008/xmlsec/Group/Overview.html#upcoming-meetings
1) Administrivia: scribe confirmation, next meeting, other
1a) Cynthia Martin is scheduled to scribe
The current scribe list is at the end of this message, will rotate
through this list.
Scribe Instructions:
http://www.w3.org/2007/xmlsec/Group/Scribe-Instructions.html
1b) Meeting planning: upcoming meetings
This WG meets weekly on Tuesdays 10-12 Eastern unless a meeting is
cancelled.
Upcoming meeting information is available on the WG Administrative page:
http://www.w3.org/2008/xmlsec/Group/Overview.html#upcoming-meetings
Next meeting: 14 July, scribe TBD
TPAC registration open
TPAC Overview: http://www.w3.org/2009/11/TPAC/overview.html
Please register: http://www.w3.org/2002/09/wbs/35125/TPAC09/
Note registration fee increases after 21 September 2009.
XML Security Thursday and Friday 5-6 November as originally planned.
1c) Liaisons and Coordination
See status at members page
http://www.w3.org/2008/xmlsec/Group/Overview.html#coordination
Relax NG schema validation of widget signature
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jun/0074.html
1d) Announcements
NIST "Transitions" presentation
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jun/0071.html
2) Minutes Approval
Please review minutes, also please indicate corrections in attendance.
23 June 2009 teleconference
http://lists.w3.org/Archives/Member/member-xmlsec/2009Jun/att-0015/23-xmlsec-minutes.html
3) Editorial update status
Please remember to send note to public list when completing editing,
indicating what has changed and associated action. Please mark action
as pending as well and update the explain.html document for XML
Signature 1.1 or XML Encryption 1.1.
3a) XML Signature 1.1, ACTION-142, Brian LaMacchia
"In Section 6, define the identifier DSAwithSHA256
(http://www.w3.org/2009/xmldsig11#dsa-sha256) as an OPTIONAL signature algorithm.
In Section 6.4.1, added DSAwithSHA256, updated the language in
paragraph 1 to describe the four variants of DSA, and updated the
Security Considerations section (there was a duplicate paragraph
there, among other problems).
In keeping with the way we did RSA, where we didn't put the key size
in the algorithm URI, I chose to do the same thing with DSA. So the
intent is that the DSAwithSHA256 AlgID should be used for both 2048-bit
DSA and 3072-bit DSA with SHA-256. Similarly, since we don't use
SHA-224 anywhere else in the XMLDSIG spec, I did not define a
corresponding DSAwithSHA224 (which would be 2048-bit keys & SHA-224).
We can add that if people think it's necessary, but I didn't see a
compelling reason."
3b) XML Signature 1.1, Section 6.3.1 to resolve ACTION-320, Brian
LaMacchia
updated the language for HMAC to read as follows:
"The HMAC <http://www.ietf.org/rfc/rfc2104.txt> algorithm (RFC2104
[HMAC]) takes the output (truncation) length in bits as a parameter;
this specification REQUIRES that the truncation length be a multiple
of 8 (i.e. fall on a byte boundary) because Base64 encoding operates
on full bytes."
The part in bold (after the semicolon) is the new language to resolve
the bit-vs-byte problem.
3c) XML Encryption, Brian LaMacchia
updates for ACTION-319: split DH key agreement section into new KDF
and legacy KDF
3d) ACTION-283, add SHA-1 warning
http://www.w3.org/2008/xmlsec/Drafts/xmlsec-algorithms/Overview.html
(Thomas)
3e) Drafted notes on using XMLSpec tool
http://lists.w3.org/Archives/Member/member-xmlsec/2009Jun/0013.html
(Frederick)
4) Additional proposed 1.1 changes
4a) Additional DSS security consideration changes
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jul/0005.html
(Cynthia Martin)
proposed changes:
i) Add "bits" in two places in "defined to be 1024, 2048 or 3072 and
the corresponding DSA q value is defined to be 160, 224/256 and 256
respectively" yielding "defined to be 1024, 2048 or 3072 bits, and the
corresponding DSA q value is defined to be 160, 224/256 and 256 bits
respectively"
ii) in 2nd paragraph change "required" to "requires"
4b) Review and update references in XML Signature 1.1
ACTION-325; Propose changes to Signature references; Cynthia Martin
4c) Review and update references in XML Encryption 1.1
ACTION-324; Review http://lists.w3.org/Archives/Public/public-xmlsec/2009Jun/att-0044/xmlenc-ref.html
for normative and informative
Cynthia Martin
Editorial incorporation needed.
4d) Review and update XML Signature and XML Encryption explain documents
http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/explain.html
http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/explain.html
5) Ready to publish 1.1?
Updated since last published:
XML Signature 1.1
XML Encryption 1.1
XML Security Algorithms Note
XML Security Generic Hybrid Ciphers (FPWD)
Best Practices
XML Signature Transform Simplification: Requirements and Design
Question regarding XML Security Derived Keys:
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jul/0004.html
6) C14N 2.0 Draft
http://www.w3.org/2008/xmlsec/Drafts/c14n-20/Overview.html (Pratik)
7) Exclusive C14N errata
7a) Proposed revision to E02, DTD/Schema issue
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jun/0075.html
(Scott)
7b) Proposed New E07 for ISSUE110, "visibly utilizes"
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jun/0076.html
(Scott)
8) Issue discussions
8a) ISSUE-7, EXI
proposal to close since incorporated in transform simplification
(Gerald)
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jul/0000.html
8b) ISSUE-9, WS-I BSP review comments
no issue with splitting transform functionality?
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jul/0001.html
(Gerald)
http://lists.w3.org/Archives/Public/public-xmlsec/2009Jul/0002.html
(Scott)
9) Action Item and Issue Review
9a) Close Pending actions
These will be closed after the meeting unless concern raised before
or during meeting. Please review in advance of meeting.
ACTION-142; Come up with identifiers and add to the algs doc for the
new DSA algorithms; Brian LaMacchia
ACTION-174; Update the transforms related to ISSUE-69; Pratik Datta
ACTION-266; Start email discussion on how different inputs to
canonicalization could start ...; Pratik Datta
ACTION-291; Draft a proposed fix for E02 for exc c14n; Scott Cantor
ACTION-299; Look at issue-110 and errata document for exc-c14n; Scott
Cantor
ACTION-317; Move derived key spec into XML Enc 11 and create separate
KDF section with mandatory 800-56; Magnus Nyström
ACTION-319; Update DH & ECDH sections to take advantage of new KDF
section; Kelvin Yiu and Brian LaMacchia
ACTION-320; Draft language for HMAC section, 6.3.1; Brian LaMacchia
9b) Open Action Review
Open actions are listed in Tracker at http://www.w3.org/2008/xmlsec/track/actions/open
Procedure for closing actions: http://www.w3.org/2007/xmlsec/Group/Overview.html#closing-actions
Please review open action list and update your actions appropriately:
http://www.w3.org/2008/xmlsec/actions-open.html
10) Issues review
http://www.w3.org/2008/xmlsec/track/issues/open
11) Other Business
12) Adjourn
Scribing list
----------------
Bradley Hill, Invited Expert (27 January 2009)
Konrad Lanz, IAIK (24 February 2009, 16 July F2F am)
Juan Carlos Cruellas, Universitat Politècnica de Catalunya (17
February 2009, 16 September 2008)
Chris Solc, Adobe (3 March 2009, 20 October 2008 F2F am)
Scott Cantor, invited expert (24 March 2009)
Ed Simon, Invited Expert (31 March 2009)
John Wray, IBM (21 April 2009)
Kelvin Yiu, Microsoft (28 April 2009)
Bruce Rich, IBM (5 May 2009)
Sean Mullan, Sun (12 May 2009 F2F am)
Gerald Edgar, Boeing (12 May 2009 F2F pm, 7 April 2009)
Brian LaMacchia, Microsoft (13 May 2009 F2F am)
Pratik Datta, Oracle (13 May 2009 F2F pm)
Magnus Nyström, EMC (2 June, 2009, 24 March 2009)
Cynthia Martin, MITRE (9 June 2009)
Hal Lockhart, Oracle (16 June 2009, 9 December 2008)
Shivaram Mysore, Invited Expert (23 June 2009, F2F 14 January 2009, pm)
regards, Frederick
Frederick Hirsch, Nokia
Chair XML Security WG
Received on Monday, 6 July 2009 15:26:30 UTC