W3C home > Mailing lists > Public > public-xmlsec@w3.org > November 2011

CfC: close ISSUE-230, CBC Attack on XML Encryption

From: <Frederick.Hirsch@nokia.com>
Date: Wed, 30 Nov 2011 17:22:23 +0000
To: <public-xmlsec@w3.org>
CC: <Frederick.Hirsch@nokia.com>
Message-ID: <D8EB1FFB-580E-4FE1-A56C-4E8AFCCF3016@nokia.com>
This is a Call for Consensus (CfC) to close ISSUE-230 as resolved.

ISSUE-230, http://www.w3.org/2008/xmlsec/track/issues/230 :

"CBC attack on XML Encryption, http://www.nds.rub.de/research/publications/breaking-xml-encryption/  "

To address the CBC attack on XML Encryption, we changed AES128-GCM from Optional to REQUIRED in XML Encryption 1.1 as well as adding warning notes and security consideration text.

If you disagree with closing this issue as resolved with this change to XML Encryption 1.1, please note so on the public list. If you agree with closing the issue, please respond indicating support to close the issue. No response will be interpreted as agreement.

Please respond by Friday, 9 December.  Hearing no objection, the issue will be closed after that date.

Thanks

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG

For tracker, this should complete ACTION-861
Received on Wednesday, 30 November 2011 17:23:52 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 30 November 2011 17:23:53 GMT