Author
Frederick Hirsch
<frederick.hirsch@nokia.com>
Magnus Nyström
<magnus@rsa.com>
Date
$Date: 2009/07/14
08:58:22 $
This document
summarizes the changes that the XML Security Working Group has made to the XML
Encryption Syntax and Processing Specification in preparing a proposed 1.1.
Updated to Version 1.1, updated date and version links. Updated
editor information to add Magnus Nyström as editor,
Add subsections to section 3.5 for key derivation.
Add subsections to section 5 for algorithm subsections.
Added new subsection describing this new ds:KeyInfo child.
Added key derivation as an option (step 2)
Added key derivation as an option (step 2)
5.1 Algorithm
Identifiers and Implementation Requirements
Added AES-128|192|256-pad key wrap mechanisms as OPTIONAL.
Changed SHA-1 to REQUIRED, but DISCOURAGED.
Changed SHA-256 to REQUIRED
Added SHA-384 as OPTIONAL
Added Canonical XML 1.1 (omit comments) as OPTIONAL
Added Canonical XML 1.1 with comments as OPTIONAL
Removed Message Authentication (not normative)
Added key derivation algorithms.
New section added defining two key derivation algorithms.
Revised introduction paragraph and description for clarity.
Removed Section 5.6.1 - Checksums - as it was not required after
making the change to 5.6.2 and 5.6.3 (see below).
Removed detailed, step-by-step description of Triple-DES key wrap
from (what used to be) 5.6.2, replaced with reference to IETF RFC 3217.
Removed detailed, step-by-step description of AES key wrap from
(what used to be) 5.6.3, replaced with reference to RFC 3397.
Added text to explain reason for discouraging use of SHA-1.
Section deleted as per resolution on WG call 900602.
Added XML Canonicalization 1.1 (both omitting and with comments)
Split references section into normative and informative sections.
Added links for references
Updated SHA reference to FIPS-186-3
Updated XML Signature reference to XML Signature 1.1
Updated Glossary RFC 2828 to RFC 4949
Added Media Types RFC 3023 update to MIME-REG RFC 2048 reference
Updated UTF-8 RFC 2279 to RFC 3629
Updated URI RFC 3406 to RFC 3986
Updated X509v3 from ISO/IEC 9594-8:1997 to 9594-8:2001, added link
Updated RFC 1750 to RFC 4086
Updated RFC 2396 to RFC 3986
Updated RFC 2437 to RFC 3447
Updated Draft-Houseley-KW-PAD reference to pad-03
Updated Reference for FIPS-186-3 to reflect final publication.
Added reference to recent work on SHA-1 analysis (to be changed
once paper appears on IACR.org).
**Updated the following references to reflect final publication: AES-WRAP, DRAFT-HOUSLEY-KW-PAD,
SHA, XML-DSIG, XMLDSIG11, Glossary, MIME-REG, and UTF-8.
**Added web link for ANSI X9.52.
**Removed the old XML Signature reference, retaining only
reference for Signature 1.1, naming it XML-DSIG.