W3C home > Mailing lists > Public > public-xmlsec@w3.org > May 2010

Urgent and Important: Open issues and actions related to XML Encryption 1.1 and Generic Hybrid Ciphers

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Mon, 3 May 2010 14:33:12 -0400
Message-Id: <D43CC68D-2E2F-4142-A01C-9533C2688FB1@nokia.com>
To: XMLSec WG Public List <public-xmlsec@w3.org>
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>
Please review the following list of open issues and actions relevant  
to getting to Last Call for XML Encryption 1.1 ; please provide  
updates on status.

(A) Open ISSUES

The following open issues appear to relate to XML Encryption 1.1 and  
Generic Hybrid Ciphers. Apart from the ECC issue, can we resolve the  
others before going to Last Call?

(1) ISSUE-91  ECC can't be REQUIRED

This can remain open as work progresses

(2) ISSUE-178 Highlight additional text constraints on XSD schema as  
such.

Is this essential or a "nice to have"?

(3) ISSUE-180 Section 8 identifies Joseph Reagle as the contact for  
the XML Encryption media type. This needs to be updated, perhaps to a  
generic identity?

(4) ISSUE-192 Namespaces for DerivedKey and pbkdf2 outside of xenc11  
namespace

resolved?

(5) ISSUE-194 Is "the ECPublicKey element" in Encryption 1.1 and  
Signature 1.1 actually the ECKeyValue element?

resolved?

(6) ISSUE-138 - What interoperability and security issues arise out of  
schema validation behavior?

2.0 issue?


(B) Open ACTIONS

The following open actions appear to relate to XML Encryption 1.1 and  
Generic Hybrid Ciphers

ACTION-280 Produce test cases for derived keys ; Magnus Nyström

Not an action needed to enter last call?

ACTION-452 Review the XML ENC v1.1 document ; Scott Cantor

(C) ACTIONS to Close?

I believe the following actions can be closed, correct?

ACTION-238;  Update the proposal associated with ACTION-222 and send  
to list.; Thomas Roessler

ACTION-515;  Propose the schema addition for issue-186 (normative  
content of 5.4.2, PBKDF2); Aldrin J D'Souza

ACTION-533;  Implement proposed change to XML Encryption 1.1 per  
proposal to resolve ISSUE-186; Aldrin J D'Souza

(D) Other

I assume actions to find out about implementations, test cases and  
interop are not essential for entering last call.

Please review the list of open issues and actions to see that they are  
associated with the correct products and if there is anything else  
related to moving XML Encryption 1.1 or Generic Hybrid Ciphers to Last  
Call.

http://www.w3.org/2008/xmlsec/track/issues/open

http://www.w3.org/2008/xmlsec/track/actions/open

Thanks

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG
Received on Monday, 3 May 2010 18:35:01 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 3 May 2010 18:35:01 GMT