W3C home > Mailing lists > Public > public-xmlsec@w3.org > April 2010

Re: Comment for the latest Working Draft of Encryption 1.1

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Tue, 6 Apr 2010 19:42:00 -0400
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, public-xmlsec-comments@w3.org, kanda.masayuki@lab.ntt.co.jp, XMLSec WG Public List <public-xmlsec@w3.org>
Message-Id: <1D725CB1-BFDE-4DD8-9BE6-4C404E8AA039@nokia.com>
To: ext Satoru Kanno <kanno.satoru@po.ntts.co.jp>
Satoru

The XML Security  WG discussed your original request to add the  
Camelia cipher to XML Encryption 1.1  on 16 June 2009 [1] after you  
raised it last year [2]. At that time the Working Group (WG)  decided  
not to add this additional algorithm to the XML Encryption 1.1  
specification, but to include it in the XML Security Algorithms Cross  
Reference [3]. We documented the decision to add it to the cross- 
reference but did not  formally make a resolution to not add it to XML  
Encryption 1.1 At the 30 March 2010 teleconference the WG re-affirmed  
its previous decision and made a formal resolution not to add Camelia  
to XML Encryption 1.1,  to document the decision for the record [4].

The reason the WG decided not to include this algorithm in the XML  
Encryption 1.1 specification itself has not changed. The rationale is  
that the XML Encryption 1.1 specification itself should include a   
minimum set of algorithm definitions and rely on extension points to  
allow additional algorithms. There are two reasons for this. First,   
algorithms included in the specification should have wide  
implementation support as evidenced by interop testing performed   
during the development of the specification, and adding additional  
algorithms has a WG cost in terms of formally testing  
interoperability. Secondly, including additional algorithms imposes   
additional costs and  requirements on developers.

However, since XML Encryption 1.1 is extensible, adoption of Camelia  
is possible with it. To enable this and facilitate the discovery of   
information about algorithms the WG has created the  XML Security  
Algorithms Cross Reference and has included Camelia in it.

Unless we have new arguments for adding this algorithm suite to the  
XML Encryption 1.1 we shall consider this issue closed (ISSUE-195 and   
ISSUE-134).

Thank you.

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG

[1] http://www.w3.org/2009/06/16-xmlsec-minutes.html#item09

[2] ISSUE-134 , http://www.w3.org/2008/xmlsec/track/issues/134

[3] http://www.w3.org/TR/2010/WD-xmlsec-algorithms-20100316/

[4] http://www.w3.org/2010/03/30-xmlsec-minutes.html



On Mar 18, 2010, at 12:20 AM, ext Satoru Kanno wrote:

> Hi, Folks
>
> We have a comment for the latest Working Draft of Encryption 1.1.
>
> We strongly think that the Camellia cipher should be adopted
> by not only Cross-Reference but also XML Encryption 1.1.
> Because the Camellia cipher is described in RFC4051, which is Standard
> track RFC.
>
> Does this have any problems?
>
> Of course, current Cross-Reference document already includes the
> Camellia cipher.
>
> For your information, Camellia has been already adopted in TLS,
> IPsec, S/MIME, OpenPGPG, Kerberos (plans), and other standards.
> In addition, as open source software, Camellia is loaded to OpenSSL,
> Firefox, Linux, FreeBSD, MIT Kerberos KRB5 (scheduled), and so on.
> For more information on Camellia cipher, please see at;
> http://info.isl.ntt.co.jp/crypt/eng/camellia/index.html
>
> Best regards,
>
> -- 
> Satoru Kanno
>
> Security Business Unit
> Mobile and Security Solution Business Group
> NTT Software Corporation
>
> e-mail: kanno.satoru@po.ntts.co.jp
>
>
>
Received on Tuesday, 6 April 2010 23:42:59 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 6 April 2010 23:43:00 GMT