Agenda - Distributed Meeting 28 November 2011

Agenda: W3C XML Security WG Distributed Meeting 28 November  2011 Distributed Meeting

Logistics details and links to information at the bottom of this email.

1) Administrivia: Scribe confirmation, Agenda review,  Liaisons, Announcements.

PAG update

2) Minutes Approval

Approve minutes, 8 November 2011

http://lists.w3.org/Archives/Public/public-xmlsec/2011Nov/att-0005/minutes-2011-11-08.html

Proposed RESOLUTION: Minutes from 8 November 2011 are approved.

3) XML Encryption 1.1 Editors Draft updated

Updated XML Encryption 1.1 editors draft


  *   Changed AES128-GCM from Optional to REQUIRED, left AES-192-GCM as Optional, added warning, paper reference, new security consideration
     *   http://lists.w3.org/Archives/Public/public-xmlsec/2011Nov/0006.html (Frederick)
  *   Correction to URL for new rsa-oaep algorithm, see http://lists.w3.org/Archives/Public/public-xmlsec/2011Nov/0008.html
  *   Added algorithm to Security Algorithm Cross-Reference, http://lists.w3.org/Archives/Public/public-xmlsec/2011Nov/0009.html


4) XML Encryption 1.1 test cases and interop

http://lists.w3.org/Archives/Public/public-xmlsec/2011Oct/0018.html (Pratik)

5) XML Security 2.0

Next steps?

6) Open Action and Issue review

6a) Open Actions

ACTION-238: Thomas Roessler to Update the proposal associated with ACTION-222 and send to list.

ACTION-717: Pratik Datta to Document the Performance improvements with 2.0

ACTION-841: Pratik Datta to Add link to canonical XML 2.0 samples into the spec

ACTION-847: Pratik Datta to Propose update to 2.0 algorithm requirements to encourage authenticating mode

ACTION-848: Bruce Rich to Contact OASIS ebXML community regarding large data issue and GCM

ACTION-850: Hal Lockhart to Review XML Encryption 1.1 security considerations and propose changes in light of today's discussion

ACTION-851: Pratik Datta to Propose text regarding KeyLength and PBKDF2, assuming we do not change the schema

ACTION-856: Brian LaMacchia to Discuss with magnus possible encryption algorithms suitable for streaming

ACTION-857: Pratik Datta to Ask regarding risk of use of GCM without checking tag during processing

6b) Close Pending actions

These will be closed after the meeting unless concern raised before or during meeting. Please review in advance of meeting.

ACTION-854: Frederick Hirsch to Talk with thomas about encouraging implementation support for AES-GCM in existing algorithms

ACTION-855: Frederick Hirsch to Update XML Encryption 1.1 draft for AES-GCM mandatory to implement

6c) Issue review

http://www.w3.org/2008/xmlsec/track/issues/open

[OPEN] ISSUE-230 : CBC attack on XML Encryption, http://www.nds.rub.de/research/publications/breaking-xml-encryption/
/2008/xmlsec/track/issues/230<http://services.w3.org/2008/xmlsec/track/issues/230>


[OPEN] ISSUE-229 : Mask generation function for RSA-OAEP as defined in 5.5.2 of XML Encryption 1.1 appears to be limited to MGF1 with SHA1
/2008/xmlsec/track/issues/229<http://services.w3.org/2008/xmlsec/track/issues/229>


[OPEN] ISSUE-227 : CR of XML Encryption 1.1 requires update to namespace refs, http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0017.html
/2008/xmlsec/track/issues/227<http://services.w3.org/2008/xmlsec/track/issues/227>


[OPEN] ISSUE-122 : Explain performance improvements and rationale, relationship to earlier work, document, benchmarks ; on [XML Signature 2.0]
/2008/xmlsec/track/issues/122<http://services.w3.org/2008/xmlsec/track/issues/122>


[OPEN] ISSUE-91 : ECC can't be REQUIRED ; on [XML Security - General]
/2008/xmlsec/track/issues/91<http://services.w3.org/2008/xmlsec/track/issues/91>


7) Other Business

8) Adjourn

Scribing  list
----------------
Magnus Nystrom, Microsoft (7 Sept 2010, 27 April, 2010)
Brian LaMacchia, Microsoft (19 October 2010, 25 May 2010)
Pratik Datta, Oracle (4 January 2010, 27 July 2010)
Scott Cantor, invited expert (8 February 2011, 19 October 2010)
Meiko Jensen (15 Feb 2011, 2 November 2010 F2F)
Gerald Edgar, Boeing (24 May 2011, 12 April 2011, 18 January 2011)
Ed Simon, Invited Expert (7 June 2011, 8 March 2011)
Cynthia Martin, MITRE (7 June 2011, 29 March 2011)
Thomas Roessler (28 June 2011, 18 January 2011)
Chris Solc, Adobe (2 August 2011, 25 January 2011)
Shivaram Mysore, Invited Expert (6 September 2011, 19 April 2011)
Hal Lockhart, Oracle (13 September 2011, 9 August 2011)
Bruce Rich, IBM (18 October 2011, 1 March 2011)
Frederick Hirsch (8 November 2011, 11 October 2011, 4 October 2011, 27 September 2011)

Logistics Info:

10-12:00 am Eastern Time
Information on meeting times in various time zones:
http://www.w3.org/2008/xmlsec/Group/Overview.html#phone

Zakim Bridge:
+1.617.761.6200 conference code 965732# ('XMLSEC')

IRC Chat: irc.w3.org (port 6665), #xmlsec

Web-based IRC (member-only): <http://irc.w3.org/?channels=xmlsec>

Please note that attendance of XMLSEC WG teleconferences is restricted to registered WG participants and persons invited by the chair.

Scribe Instructions: <http://www.w3.org/2007/xmlsec/Group/Scribe-Instructions.html>

Liaison information: <http://www.w3.org/2008/xmlsec/Group/Overview.html#coordination>

Publication Status available at <http://www.w3.org/2008/xmlsec/wiki/PublicationStatus>

Roadmap at <http://www.w3.org/2008/xmlsec/wiki/Roadmap>
---

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG

Received on Monday, 28 November 2011 19:52:51 UTC