RE: Updated (v2) proposed XML Encryption 1.1 changes related to OAEP

Not sure. If I have an implementation that strictly implements the current 1.0 schema I can imagine it failing upon seeing the MGF attribute?

-- Magnus

From: Frederick.Hirsch@nokia.com [mailto:Frederick.Hirsch@nokia.com]
Sent: Friday, October 07, 2011 5:35 AM
To: Magnus Nystrom
Cc: Frederick.Hirsch@nokia.com; public-xmlsec@w3.org
Subject: Re: Updated (v2) proposed XML Encryption 1.1 changes related to OAEP

Good point.

Anyone have any problem with the following additional change to the proposal:

1. remove statement that MGF is in xenc11 namespace, remove xenc11 prefix from MGF use in text

2. add optional MGF attribute to EncryptionMethod in enc-schema.xsd:

  <complexType name='EncryptionMethodType' mixed='true'>
    <sequence>
      <element name='KeySize' minOccurs='0' type='xenc:KeySizeType'/>
      <element name='OAEPparams' minOccurs='0' type='base64Binary'/>
      <any namespace='##other' minOccurs='0' maxOccurs='unbounded'/>
    </sequence>
    <attribute name='Algorithm' type='anyURI' use='required'/>
    <attribute name='MGF' type='anyURI' use='optional'/>
  </complexType>

Note that this is not the 1.1 schema but the 1.0 schema. However, this seems appropriate and, as the new attribute is optional, should not hurt existing implementations.

ok?

regards, Frederick

Frederick Hirsch
Nokia



On Oct 7, 2011, at 1:33 AM, ext Magnus Nystrom wrote:


Frederick, looks good to me but can you just add an attribute (even if optional) to the existing xenc: schema (even if the attribute itself is defined in xenc11)?

-- Magnus

From: public-xmlsec-request@w3.org [mailto:public-xmlsec-request@w3.org] On Behalf Of Frederick.Hirsch@nokia.com
Sent: Thursday, October 06, 2011 10:15 AM
To: public-xmlsec@w3.org
Cc: Frederick.Hirsch@nokia.com
Subject: Updated (v2) proposed XML Encryption 1.1 changes related to OAEP

Attached is updated (V2) clean and redline proposed XML Encryption 1.1 changes.

Shifted from using "Label" to "PSourceAlgorithm"

Corrected EncryptionMethod to be in xenc: namespace

Updated Algorithm Identifiers and Implementation Requirements to list two URIs for RSA-OAEP, with required for original - added note " (including MGF1 with SHA1) " and new URI for version that allows specification of MGF (optional)

Added sentence to 3.2 that MGF attribute is in xenc11 namespace

Cleaned up 5.5.2 to better explain two URIs and parameters use and defaults

Please review and indicate if this is acceptable, if so I'll update the draft.

regards, Frederick

Frederick Hirsch
Nokia

Received on Friday, 7 October 2011 16:37:39 UTC
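
Added example (not part of the thread, and not working-group or W3C code): a hand-written check of the EncryptionMethodType declarations quoted above, run once with the attribute set of the unamended 1.0 schema and once with the optional MGF attribute added. The function name, the constant names and the urn:example: URIs are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"  # xenc: namespace of the 1.0 schema

# Attribute declarations of EncryptionMethodType (name -> required?).
ATTRS_1_0 = {"Algorithm": True}                      # schema before the change
ATTRS_PROPOSED = {"Algorithm": True, "MGF": False}   # with optional MGF added

# Constructed samples; the urn:example: URIs are placeholders, not real identifiers.
PLAIN = f'<EncryptionMethod xmlns="{XENC}" Algorithm="urn:example:rsa-oaep"/>'
WITH_MGF = (f'<EncryptionMethod xmlns="{XENC}" Algorithm="urn:example:rsa-oaep" '
            'MGF="urn:example:mgf1-sha256"><KeySize>2048</KeySize></EncryptionMethod>')


def validate_encryption_method(xml_text, declared_attrs):
    """Return the violations of EncryptionMethodType (empty list = valid).

    Models only the complexType quoted in the thread; not a general XSD validator.
    """
    elem = ET.fromstring(xml_text)
    if elem.tag != f"{{{XENC}}}EncryptionMethod":
        return [f"unexpected root element {elem.tag}"]
    errors = []
    # The type has no anyAttribute wildcard, so every attribute must be declared.
    for name in elem.attrib:
        if name not in declared_attrs:
            errors.append(f"undeclared attribute {name}")
    for name, required in declared_attrs.items():
        if required and name not in elem.attrib:
            errors.append(f"missing required attribute {name}")
    # Sequence: KeySize?, OAEPparams?, then elements from other namespaces.
    expected = [f"{{{XENC}}}KeySize", f"{{{XENC}}}OAEPparams"]
    pos = 0
    for child in elem:
        if child.tag in expected[pos:]:
            pos = expected.index(child.tag) + 1
        elif child.tag.startswith("{") and not child.tag.startswith(f"{{{XENC}}}"):
            pos = len(expected)  # namespace='##other' wildcard, allowed last only
        else:
            errors.append(f"unexpected child {child.tag}")
    return errors


if __name__ == "__main__":
    for label, attrs in (("1.0", ATTRS_1_0), ("proposed", ATTRS_PROPOSED)):
        print(label, "plain:", validate_encryption_method(PLAIN, attrs))
        print(label, "with MGF:", validate_encryption_method(WITH_MGF, attrs))
```

A consumer that validates against its own copy of the unamended declarations reports the MGF attribute as undeclared, while documents without MGF are valid under both attribute sets.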