# XML Security Working Group Teleconference

## 04 Oct 2011

[Agenda][3]

See also: [IRC log][4]

## Attendees

Present

    Frederick_Hirsch, Hal_Lockhart, Pratik_Datta

Regrets

    Scott_Cantor, Brian_LaMacchia, Magnus_Nystrom

Chair

    Frederick_Hirsch

Scribe

    fjh

## Contents

  * [Topics][5]

    1. [Administrative][6]

    2. [Minutes Approval][7]

    3. [Editorial and status updates][8]

    4. [XML Signature 2.0][9]

    5. [XML Encryption 1.1: ConcatKDF][10]

    6. [XML Encryption 1.1: OAEP and SHA-1][11]

    7. [Interop and testing][12]

    8. [Adjourn][13]

  * [Summary of Action Items][14]

* * *

<trackbot> Date: 04 October 2011

### Administrative

<scribe> ScribeNick: fjh

PAG status, [http://www.w3.org/2011/xmlsec-pag/questions.html][15]

**RESOLUTION: Cancel teleconference on 6 December and 27 December**

<scribe> **ACTION:** fjh to update explanation of changes for XML Signature
1.1 [recorded in [http://www.w3.org/2011/10/04-xmlsec-
minutes.html#action01][16]]

<trackbot> Created ACTION-838 - Update explanation of changes for XML
Signature 1.1 [on Frederick Hirsch - due 2011-10-11].

<scribe> **ACTION:** fjh to update explanation of changes for XML Encryption
1.1 [recorded in [http://www.w3.org/2011/10/04-xmlsec-
minutes.html#action02][17]]

<trackbot> Created ACTION-839 - Update explanation of changes for XML
Encryption 1.1 [on Frederick Hirsch - due 2011-10-11].

### Minutes Approval

Approve minutes, 27 September 2011

[http://lists.w3.org/Archives/Public/public-
xmlsec/2011Sep/att-0057/minutes-2011-09-27.html][18]

**RESOLUTION: Minutes from 27 September 2011 are approved**

### Editorial and status updates

Updated XSD and RELAX NG schema files with updated copyright,
[http://lists.w3.org/Archives/Public/public-xmlsec/2011Sep/0065.html][19]
(Frederick)

Updated IETF RFC references, [http://lists.w3.org/Archives/Public/public-
xmlsec/2011Sep/0066.html][20] (Frederick)

RetrievalMethod change reviewed, ACTION-834,
[http://lists.w3.org/Archives/Public/public-xmlsec/2011Sep/0064.html][21]
(Thomas)

### XML Signature 2.0

LC-2488 updates

[http://lists.w3.org/Archives/Public/public-xmlsec/2011Sep/0046.html][22]
(Pratik)

Additional editorial feedback on proposal -
[http://lists.w3.org/Archives/Public/public-xmlsec/2011Sep/0051.html][23]
(Paul Grosso)

fjh: change from Pratik looks good to me

<scribe> **ACTION:** pdatta to update XML Signature 1.1 and 2.0 with change in
[http://lists.w3.org/Archives/Public/public-xmlsec/2011Oct/0006.html][24]
[recorded in [http://www.w3.org/2011/10/04-xmlsec-minutes.html#action03][25]]

<trackbot> Created ACTION-840 - Update XML Signature 1.1 and 2.0 with change
in [http://lists.w3.org/Archives/Public/public-xmlsec/2011Oct/0006.html][24]
[on Pratik Datta - due 2011-10-11].

<scribe> **ACTION:** pdatta to add link to canonical XML 2.0 samples into the
spec [recorded in [http://www.w3.org/2011/10/04-xmlsec-
minutes.html#action04][26]]

<trackbot> Created ACTION-841 - Add link to canonical XML 2.0 samples into the
spec [on Pratik Datta - due 2011-10-11].

### XML Encryption 1.1: ConcatKDF

[http://lists.w3.org/Archives/Public/public-xmlsec/2011Sep/0049.html][27]

magnus email -> [http://lists.w3.org/Archives/Public/public-
xmlsec/2011Oct/0005.html][28]

**RESOLUTION: adopt XML Encryption 1.1 section 5.4.1 change proposed by
Magnus**

pdatta: question remains for ephemeral case

<pdatta> [http://lists.w3.org/Archives/Public/public-
xmlsec/2011Sep/0063.html][29]

pdatta: note that I already made it clear that question is about ephemeral-
static

fjh: suggest you resend that message to the NIST contact Hal provided as well
as our public list

### XML Encryption 1.1: OAEP and SHA-1

fjh: status summarized in my email - [http://lists.w3.org/Archives/Public
/public-xmlsec/2011Oct/0001.html][30]

... I originally suggested we remove XML and use the OAEPParams only but Scott
noted that won't be compatibible given existing implementations

... Magnus suggested we not add XML for MGF,
[http://lists.w3.org/Archives/Public/public-xmlsec/2011Oct/0004.html][31]

... proposal is to rely on OAEPParams for MGF definition, but XML for hash
value

... change is to update wording so that it is clear what MGF default is, but
not to only require that value , allowing update in OAEPParams

<scribe> **ACTION:** fjh to propose updated spec language to address OAEP and
SHA-1 issue [recorded in [http://www.w3.org/2011/10/04-xmlsec-
minutes.html#action05][32]]

<trackbot> Created ACTION-842 - Propose updated spec language to address OAEP
and SHA-1 issue [on Frederick Hirsch - due 2011-10-11].

### Interop and testing

W3C Testing FAQ, [http://www.w3.org/QA/WG/2005/01/test-faq][33]

Test Cases for C14N 1.1 and XMLDSig Interoperability,
[http://www.w3.org/TR/2008/NOTE-xmldsig2ed-tests-20080610/][34]

1.0 interop [http://www.w3.org/Signature/2001/04/05-xmldsig-interop.html][35]

ACTION-779, ACTION-793

[http://lists.w3.org/Archives/Public/public-xmlsec/2011Sep/0056.html][36]
(Gerald)

pdatta: making table for key agreement choices, table for keywrap choices,
symmetric key choices

fjh: latest from Gerald separates out 1.0 from 1.1 and 2.0 which should be
helpful, [http://lists.w3.org/Archives/Public/public-
xmlsec/2011Sep/0056.htm][37]

pdatta: will share the table I am creating and then we can consider how to
merge with what Gerald has produced

fjh: that sounds good

<scribe> **ACTION:** fjh to follow up on possible additional interop
participants [recorded in [http://www.w3.org/2011/10/04-xmlsec-
minutes.html#action06][38]]

<trackbot> Created ACTION-843 - Follow up on possible additional interop
participants [on Frederick Hirsch - due 2011-10-11].

### Adjourn

## Summary of Action Items

**[NEW]** **ACTION:** fjh to follow up on possible additional interop
participants [recorded in [http://www.w3.org/2011/10/04-xmlsec-
minutes.html#action06][38]]

**[NEW]** **ACTION:** fjh to propose updated spec language to address OAEP and
SHA-1 issue [recorded in [http://www.w3.org/2011/10/04-xmlsec-
minutes.html#action05][32]]

**[NEW]** **ACTION:** fjh to update explanation of changes for XML Encryption
1.1 [recorded in [http://www.w3.org/2011/10/04-xmlsec-
minutes.html#action02][17]]

**[NEW]** **ACTION:** fjh to update explanation of changes for XML Signature
1.1 [recorded in [http://www.w3.org/2011/10/04-xmlsec-
minutes.html#action01][16]]

**[NEW]** **ACTION:** pdatta to add link to canonical XML 2.0 samples into the
spec [recorded in [http://www.w3.org/2011/10/04-xmlsec-
minutes.html#action04][26]]

**[NEW]** **ACTION:** pdatta to update XML Signature 1.1 and 2.0 with change
in [http://lists.w3.org/Archives/Public/public-xmlsec/2011Oct/0006.html][24]
[recorded in [http://www.w3.org/2011/10/04-xmlsec-minutes.html#action03][25]]


[End of minutes]

* * *

Minutes formatted by David Booth's [scribe.perl][39] version 1.135 ([CVS
log][40])

$Date: 2009-03-02 03:52:20 $

   [1]: http://www.w3.org/Icons/w3c_home

   [2]: http://www.w3.org/

   [3]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Oct/0000.html

   [4]: http://www.w3.org/2011/10/04-xmlsec-irc

   [5]: #agenda

   [6]: #item01

   [7]: #item02

   [8]: #item03

   [9]: #item04

   [10]: #item05

   [11]: #item06

   [12]: #item07

   [13]: #item08

   [14]: #ActionSummary

   [15]: http://www.w3.org/2011/xmlsec-pag/questions.html

   [16]: http://www.w3.org/2011/10/04-xmlsec-minutes.html#action01

   [17]: http://www.w3.org/2011/10/04-xmlsec-minutes.html#action02

   [18]: http://lists.w3.org/Archives/Public/public-
xmlsec/2011Sep/att-0057/minutes-2011-09-27.html

   [19]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Sep/0065.html

   [20]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Sep/0066.html

   [21]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Sep/0064.html

   [22]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Sep/0046.html

   [23]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Sep/0051.html

   [24]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Oct/0006.html

   [25]: http://www.w3.org/2011/10/04-xmlsec-minutes.html#action03

   [26]: http://www.w3.org/2011/10/04-xmlsec-minutes.html#action04

   [27]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Sep/0049.html

   [28]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Oct/0005.html

   [29]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Sep/0063.html

   [30]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Oct/0001.html

   [31]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Oct/0004.html

   [32]: http://www.w3.org/2011/10/04-xmlsec-minutes.html#action05

   [33]: http://www.w3.org/QA/WG/2005/01/test-faq

   [34]: http://www.w3.org/TR/2008/NOTE-xmldsig2ed-tests-20080610/

   [35]: http://www.w3.org/Signature/2001/04/05-xmldsig-interop.html

   [36]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Sep/0056.html

   [37]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Sep/0056.htm

   [38]: http://www.w3.org/2011/10/04-xmlsec-minutes.html#action06

   [39]: http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm

   [40]: http://dev.w3.org/cvsweb/2002/scribe/