# XML Security Working Group Teleconference ## 13 Sep 2011 [Agenda][3] See also: [IRC log][4] ## Attendees Present Frederick_Hirsch, Cynthia_Martin, Scott_Cantor, Brian_LaMacchia, Bruce_Rich, Hal_Lockhart, ThomasRoessler, Pratik_Datta Regrets Chair Frederick_Hirsch Scribe Hal ## Contents * [Topics][5] 1. [Administrative][6] 2. [Minutes Approval][7] 3. [XML Encryption 1.1][8] 4. [XML Security 2.0][9] 5. [Editorial updates][10] 6. [Adjourn][11] * [Summary of Action Items][12] * * * Date: 13 September 2011 ### Administrative ScribeNick: Hal New Version Notification for draft-eastlake-additional-xmlsec- uris-01.txt, [http://lists.w3.org/Archives/Public/public- xmlsec/2011Sep/0041.html][13] Additional editors tools, [http://lists.w3.org/Archives/Member/member- xmlsec/2011Sep/0000.html][14] **ACTION:** fjh to check documents for up to date IETF references [recorded in [http://www.w3.org/2011/09/13-xmlsec-minutes.html#action01][15]] Created ACTION-835 - Check documents for up to date IETF references [on Frederick Hirsch - due 2011-09-20]. TPAC 2011 Plenary Day (wed) request for ideas, [http://www.w3.org/wiki/TPAC2011/SessionIdeas][16] TPAC registration reminder, fee goes up after 14 October - [http://www.w3.org/2011/11/TPAC/#Registrati][17] Note: XMLSec is *not* meeting during TPAC ### Minutes Approval Approve minutes, 6 September 2011 [http://lists.w3.org/Archives/Public/public- xmlsec/2011Sep/att-0023/minutes-2011-09-06.html][18] **RESOLUTION: 6 September minutes approved** proposed RESOLUTION: cancel teleconference on 25 Oct, 1 Nov, 22 Nov **RESOLUTION: cancel teleconference on 25 Oct, 1 Nov, 22 Nov** ### XML Encryption 1.1 proposed algorithm change: [http://lists.w3.org/Archives/Public/public- xmlsec/2011Aug/0014.html][19] (Frederick) ACTION-829, [http://lists.w3.org/Archives/Public/public- xmlsec/2011Aug/0048.html][20] (Scott) [http://lists.w3.org/Archives/Public/public- xmlsec/2011Aug/0083.html][21] bal: pkcs 1.5 still used in industry, so suggest sticking with security consideration ...: no stronger proofs justifying switch in algorithms bal: RSA-KEM is promising approach going forward, but implementations might need time to catch up bal: Concerned about time to adjust to new padding alg ... don't see compelling reason to abandon 1.5 scantor: need to consider existing implementations and potential issue with use of algorithm Scott: need to either change alg or document probs in detail Brian: agree with you, when is paper coming out? fjh: perhaps now we can reference the paper ... what is relationship between this and generic hybrid cypher? I also agree with Brian that introducing KEM as the MTI solution is not practical for software reasons Brian: don't know ... KEM is general technique why not require RSA-KEM as transport alg in XML Encryption 1.1? Brian: if we want to change long term, we need to study it carefully .. concern about mistakes in change of algs, impact of adoption is a 2.0 XML Encryption a reasonable thought for this WG - probably not in the charter time frame... Brian: basically KEM makes it harder for dev to code vulnerable code hal: can we just add security considerations for 1.1 and reconsider 2.0? fjh: propose we do that if charter allows Scott: need to make it clear you can use OAEP with 192 bit keys fjh: I have been making other changes to current draft tlr: owe respones to vendors and to paper authors ... proposal seems reasonable ... don't wwant people to default to 1.5, but no implementation would be worse need additional guidance in paper regarding pkcs 1.5 fjh: if 1.1 ends up waiting on PAG, we could do things in the meantime ... need resolution to not change algs ... need to draft security considerations Scott: I could try a first draft brich: in previous case, paper was published much later than expected by authors proposed RESOLUTION: No changes to XML Encryption 1.1 algorithm requirements brich: most impls seem to support OAEP ... KEM has litle implementation support ... moving from 1.5 to OAEP will be difficult in field, although might be best from security point of view scott: we already require OAEP correct scott: 2 questions, depricate 1.5 apparently not also require OAEP 192 bit support "Implementations must implement RSA-OAEP for the transport of 128 and 256 bit keys." Brian: OAEP is independant of key length, weird we are not requiring 192 bit support [http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.html#sec- RSA-OAEP][22] scott: support is linked to 3DES scott proposal, [http://lists.w3.org/Archives/Public/public- xmlsec/2011Aug/0048.html][20] scott: typically base choice of alg on key type ... should require support for all key sizes proposed change "The transported key size is 192 bits for TRIPLEDES and 128, 192, or 256 bits for AES. Implementations MUST implement RSA-OAEP for the transport of all key types and sizes that are mandatory to implement for symmetric encryption. They MAY implement RSA-OAEP for the transport of other keys." what about the use of SHA-1 with OAEP as mentioned in Scott's msg Scott: should require at least one other Brian: need to discuss with Magnus proposed RESOLUTION: No changes to XML Encryption 1.1 algorithm requirements **RESOLUTION: No changes to deprecate pkcs 1.5 in to XML Encryption 1.1 algorithm requirements** **ACTION:** bal to provide guidance text and to review SHA-1 with OAEP [recorded in [http://www.w3.org/2011/09/13-xmlsec-minutes.html#action02][23]] Created ACTION-837 - Provide guidance text and to review SHA-1 with OAEP [on Brian LaMacchia - due 2011-09-20]. ### XML Security 2.0 [http://lists.w3.org/Archives/Public/public- xmlsec/2011Sep/0040.html][24] LC-2488 **RESOLUTION: Adopt proposal proposal to address LC-2488 in message [http://lists.w3.org/Archives/Public/public-xmlsec/2011Sep/0040.html][24]** ### Editorial updates Updated XSD schemas with copyright, ACTION- 831, [http://lists.w3.org/Archives/Public/public-xmlsec/2011Sep/0025.html][25] (Frederick) ### Adjourn ## Summary of Action Items **[NEW]** **ACTION:** bal to provide guidance text and to review SHA-1 with OAEP [recorded in [http://www.w3.org/2011/09/13-xmlsec- minutes.html#action02][23]] **[NEW]** **ACTION:** fjh to check documents for up to date IETF references [recorded in [http://www.w3.org/2011/09/13-xmlsec-minutes.html#action01][15]] [End of minutes] * * * Minutes formatted by David Booth's [scribe.perl][26] version 1.135 ([CVS log][27]) $Date: 2009-03-02 03:52:20 $ [1]: http://www.w3.org/Icons/w3c_home [2]: http://www.w3.org/ [3]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Sep/0042.html [4]: http://www.w3.org/2011/09/13-xmlsec-irc [5]: #agenda [6]: #item01 [7]: #item02 [8]: #item03 [9]: #item04 [10]: #item05 [11]: #item06 [12]: #ActionSummary [13]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Sep/0041.html [14]: http://lists.w3.org/Archives/Member/member-xmlsec/2011Sep/0000.html [15]: http://www.w3.org/2011/09/13-xmlsec-minutes.html#action01 [16]: http://www.w3.org/wiki/TPAC2011/SessionIdeas [17]: http://www.w3.org/2011/11/TPAC/#Registrati [18]: http://lists.w3.org/Archives/Public/public- xmlsec/2011Sep/att-0023/minutes-2011-09-06.html [19]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Aug/0014.html [20]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Aug/0048.html [21]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Aug/0083.html [22]: http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.html #sec-RSA-OAEP [23]: http://www.w3.org/2011/09/13-xmlsec-minutes.html#action02 [24]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Sep/0040.html [25]: http://lists.w3.org/Archives/Public/public-xmlsec/2011Sep/0025.html [26]: http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm [27]: http://dev.w3.org/cvsweb/2002/scribe/