ACTION-287: Align XMLENC 1.1 with XMLDSIG 1.1

From: Magnus Nyström <magnus@rsa.com>
Date: Wed, 27 May 2009 11:32:37 +0200 (W. Europe Daylight Time)
To: public-xmlsec@w3.org
Message-ID: <Pine.WNT.4.64.0905261824540.5584@W-JNISBETTEST-1.tablus.com>

All,

In response to ACTION-287, I have attempted to compare the normative 
statements on algorithms in XMLEnc 1.1 with those in XMLDsig 1.1. Besides 
the natural differences (XMLDsig not listing encryption algorithms and 
v.v.), there are a few areas where it does seem justified to align the 
two specs:

- XMLEnc has RIPEMD-160 listed as optional; XMLDsig does not mention this
   digest algorithm.
- XMLEnc just refers to XMLDsig for message authentication algorithms - we
   did discuss this during the F2F and having now looked at this more
   closely, my recommendation is to remove Section 5.8 (and the
   corresponding entry in 5.1) in XMLEnc 1.1 since, AFAICS, message auth is
   not mentioned or required elsewhere in XMLEnc.
- All canonicalization is optional in XMLEnc (maybe this is OK?).
- XMLEnc does not mention transform algorithms (but should probably given
   the CipherReference type, see XMLEnc Section 3.3.1). If the group
   agrees that it should, I guess the same normative statements as are in
   XMLDsig 1.1 with regards to transforms should apply?

-- Magnus
Received on Wednesday, 27 May 2009 09:33:52 GMT