# XML Security Working Group Teleconference

## 24 Jul 2012

[Agenda][3]

See also: [IRC log][4]

## Attendees

Present

    Frederick_Hirsch, Hal_lockhart, Pratik_Datta, Gerald_Edgar, Scott_Cantor,
Bruce_Rich, Thomas_Roessler

Regrets


Chair

    Frederick_Hirsch

Scribe

    fjh

## Contents

  * [Topics][5]

    1. [Announcements, agenda review][6]

    2. [Minutes Approval][7]

    3. [XML Signature 1.1 and 2.0 updates][8]

    4. [Test cases and Interop][9]

    5. [Roadmap][10]

    6. [Additional XML Encryption 1.1 security considerations][11]

    7. [Action review][12]

    8. [Adjourn][13]

  * [Summary of Action Items][14]

* * *

<trackbot> Date: 24 July 2012

<scribe> ScribeNick: fjh

### Announcements, agenda review

"XML Signature Best Practices" is now published as W3C Note, see
[http://www.w3.org/TR/2012/NOTE-xmldsig-bestpractices-20120710/][15]

expect PAG to complete during August

### Minutes Approval

Approve minutes, 3 July 2012

[http://lists.w3.org/Archives/Public/public-
xmlsec/2012Jul/att-0009/minutes-2012-07-03.html][16]

**RESOLUTION: Minutes from 3 July 2012 are approved.**

### XML Signature 1.1 and 2.0 updates

Updated XML Signature 1.1 and 2.0 editors drafts for HMAC-SHA224 and
ECDSAwithSHA224, [http://lists.w3.org/Archives/Public/public-
xmlsec/2012Jul/0016.html][17] (Frederick)

Updated XML Signature 1.1 and 2.0 editors drafts to add RSAwithSHA224,
[http://lists.w3.org/Archives/Public/public-xmlsec/2012Jul/0020.html][18]
(Frederick)

Updated XML Signature 1.1 and 2.0 to remove notes regarding ECC. (Frederick)

### Test cases and Interop

ACTION-888?

<trackbot> ACTION-888 -- Pratik Datta to distribute test case and result for
testing XML Signature 1.1 HMACOutputLength minimum length -- due 2012-06-19 --
OPEN

<trackbot> [http://www.w3.org/2008/xmlsec/track/actions/888][19]

[http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core1-interop/Overview.src.html
#sec-AlgorithmOther][20]

scantor: consider using the previous truncation test, but now have an error
result with that test

fjh: in merlin tests?

hal: think so

scantor: will have some time next month but do we have examples of KeyInfo
type of test

fjh: old tests used elements implicitly to verify signature, some of these are
different, might need some test harness

scantor: that is the problem

Signature 1.1 [http://www.w3.org/2008/xmlsec/Drafts/xmldsig-
core1-interop/Overview.src.html][21]

fjh: Additional tests needed for XML Signature 1.1: SHA224 items: ECDSA-
SHA224, HMAC-SHA224, RSAwithSHA224

... X509Data OCSPResponse, X509Digest; KeyInfo - DEREncodedKeyValue,
KeyInfoReference

... HMACOutputLength

<tlr> oh

scantor: Apache Sanuario has X509Digest, DEREncodedKeyValue and
KeyInfoReference

fjh: need more than one implementation to demonstrate interop

scantor: I have two implementations, they are separate code bases

fjh: that would count technically, though it might be an issue if you wrote
both and had similar errors

tlr: share that concern

fjh: however it would help us conclude

hal: would prefer another implementation

tlr: do we have anyone else implementing?

fjh: these are relatively small items and would prefer to have them

... have been asking offline about implementations for some time, have not
heard from other than Scott

[http://www.w3.org/2008/xmlsec/wiki/Roadmap][22]

<scribe> **ACTION:** tlr to check with team whether CR draft can have features
marked as at risk during CR without an additional LC cycle [recorded in
[http://www.w3.org/2012/07/24-xmlsec-minutes.html#action01][23]]

<trackbot> Created ACTION-890 - Check with team whether CR draft can have
features marked as at risk during CR without an additional LC cycle [on Thomas
Roessler - due 2012-07-31].

fjh: I do not want to see Scott do additional work if it will not have a
concrete result, thus would like to determine if we have any additional
implementation plans now

pdatta: SHA-224 we have implementation

<scribe> **ACTION:** pdatta to put SHA-224 test cases and results for interop
into CVS [recorded in [http://www.w3.org/2012/07/24-xmlsec-
minutes.html#action02][24]]

<trackbot> Created ACTION-891 - Put SHA-224 test cases and results for interop
into CVS [on Pratik Datta - due 2012-07-31].

X509Data OCSPResponse, X509Digest; KeyInfo - DEREncodedKeyValue,
KeyInfoReference

<scribe> **ACTION:** pdatta to check on adding KeyInfoReference [recorded in
[http://www.w3.org/2012/07/24-xmlsec-minutes.html#action03][25]]

<trackbot> Created ACTION-892 - Check on adding KeyInfoReference [on Pratik
Datta - due 2012-07-31].

encryption interop - [http://www.w3.org/2008/xmlsec/Drafts/xmlenc-
core1-interop/Overview.src.html][26]

fjh: need one more implementation of Key Agreement algorithms, ECDH, DH

... can IBM help here?

... also need AES-128-GCM, scott had problem preventing this from completing

<scantor> I wasn't able to decrypt the key in the GCM-128 vector

scantor: problem was not with GCM but with the key

<scribe> **ACTION:** magnus to check on AES-128-GCM interop test [recorded in
[http://www.w3.org/2012/07/24-xmlsec-minutes.html#action04][27]]

<trackbot> Created ACTION-893 - Check on AES-128-GCM interop test [on Magnus
Nystrom - due 2012-07-31].

fjh: Symmetric Key Wrap algorithm

... anyone working AES-128-pad, 192/256?

scantor: do not need these

fjh: what is the status of SHA-384?

tlr: rules for optional features are more lax

... if we remove algorithms, put URIs in non-normative appendix, "WG
considered, these URIs are reserved, but no interop has been done"

scantor: all the keyinfo stuff is optional

tlr: show each feature of the technical report has been implemented, should
demonstration 2 implementations of each feature, can accept if critical
without interop

... can negotiate for optional features, might keep have 1 implementation

fjh: for CR we said two

tlr: URI reservation for optional algorithms might make sense to not require 2
algorithms

... lots of grey areas

<scribe> **ACTION:** tlr to discuss with team and director process issues
about Signature 1.1/Encryption 1.1 to rec with some optional URIs for
algorithms that do not have 2 implementations [recorded in
[http://www.w3.org/2012/07/24-xmlsec-minutes.html#action05][28]]

<trackbot> Created ACTION-894 - Discuss with team and director process issues
about Signature 1.1/Encryption 1.1 to rec with some optional URIs for
algorithms that do not have 2 implementations [on Thomas Roessler - due
2012-07-31].

tlr: summary - interest in relaxing some of the CR exit criteria over what we
had, need decisions from WG and director.

fjh: we need to give an early heads up to the W3C team regarding our plans and
options, need to complete interop in August and then end of August make a
decision as to what is kept in with 1 implementation and what is removed

... this is necessary to bring the work to completion by year end

pdatta: SHA-384 is in encyrption but is also in signature

fjh: yes, so we can mark it as done in encryption

<scribe> **ACTION:** fjh to send CfC to list to close out interop on RSA-OAEP
key transport as we have it for one MGF function, question is that enough
[recorded in [http://www.w3.org/2012/07/24-xmlsec-minutes.html#action06][29]]

<trackbot> Created ACTION-895 - Send CfC to list to close out interop on RSA-
OAEP key transport as we have it for one MGF function, question is that enough
[on Frederick Hirsch - due 2012-07-31].

### Roadmap

fjh walked WG through planned roadmap, see
[http://lists.w3.org/Archives/Public/public-xmlsec/2012Jul/0005.html][30]

tlr: 1 week wait from transition request and transition call; publication can
be very fast

... assuming no surprises in PR review can publish REC without directors call
- these steps do not involve WG, only team

fjh: need to update references in publication of REC after PR

### Additional XML Encryption 1.1 security considerations

discussion of how to deal with possible additional attacks, WG agreed to add
additional security consideration to XML Encryption 1.1

### Action review

ACTION-889 closed

<trackbot> ACTION-889 Arrange publication of XML Signature Best Practices
closed

### Adjourn

Please review roadmap, interop and actions to complete interop in August. At
end of August we will update the documents to progress toward REC. Thanks
everyone.

## Summary of Action Items

**[NEW]** **ACTION:** fjh to send CfC to list to close out interop on RSA-OAEP
key transport as we have it for one MGF function, question is that enough
[recorded in [http://www.w3.org/2012/07/24-xmlsec-minutes.html#action06][29]]

**[NEW]** **ACTION:** magnus to check on AES-128-GCM interop test [recorded in
[http://www.w3.org/2012/07/24-xmlsec-minutes.html#action04][27]]

**[NEW]** **ACTION:** pdatta to check on adding KeyInfoReference [recorded in
[http://www.w3.org/2012/07/24-xmlsec-minutes.html#action03][25]]

**[NEW]** **ACTION:** pdatta to put SHA-224 test cases and results for interop
into CVS [recorded in [http://www.w3.org/2012/07/24-xmlsec-
minutes.html#action02][24]]

**[NEW]** **ACTION:** tlr to check with team whether CR draft can have
features marked as at risk during CR without an additional LC cycle [recorded
in [http://www.w3.org/2012/07/24-xmlsec-minutes.html#action01][23]]

**[NEW]** **ACTION:** tlr to discuss with team and director process issues
about Signature 1.1/Encryption 1.1 to rec with some optional URIs for
algorithms that do not have 2 implementations [recorded in
[http://www.w3.org/2012/07/24-xmlsec-minutes.html#action05][28]]


[End of minutes]

* * *

Minutes formatted by David Booth's [scribe.perl][31] version 1.135 ([CVS
log][32])

$Date: 2009-03-02 03:52:20 $

   [1]: http://www.w3.org/Icons/w3c_home

   [2]: http://www.w3.org/

   [3]: http://lists.w3.org/Archives/Public/public-xmlsec/2012Jul/0029.html

   [4]: http://www.w3.org/2012/07/24-xmlsec-irc

   [5]: #agenda

   [6]: #item01

   [7]: #item02

   [8]: #item03

   [9]: #item04

   [10]: #item05

   [11]: #item06

   [12]: #item07

   [13]: #item08

   [14]: #ActionSummary

   [15]: http://www.w3.org/TR/2012/NOTE-xmldsig-bestpractices-20120710/

   [16]: http://lists.w3.org/Archives/Public/public-
xmlsec/2012Jul/att-0009/minutes-2012-07-03.html

   [17]: http://lists.w3.org/Archives/Public/public-xmlsec/2012Jul/0016.html

   [18]: http://lists.w3.org/Archives/Public/public-xmlsec/2012Jul/0020.html

   [19]: http://www.w3.org/2008/xmlsec/track/actions/888

   [20]: http://www.w3.org/2008/xmlsec/Drafts/xmldsig-
core1-interop/Overview.src.html#sec-AlgorithmOther

   [21]: http://www.w3.org/2008/xmlsec/Drafts/xmldsig-
core1-interop/Overview.src.html

   [22]: http://www.w3.org/2008/xmlsec/wiki/Roadmap

   [23]: http://www.w3.org/2012/07/24-xmlsec-minutes.html#action01

   [24]: http://www.w3.org/2012/07/24-xmlsec-minutes.html#action02

   [25]: http://www.w3.org/2012/07/24-xmlsec-minutes.html#action03

   [26]: http://www.w3.org/2008/xmlsec/Drafts/xmlenc-
core1-interop/Overview.src.html

   [27]: http://www.w3.org/2012/07/24-xmlsec-minutes.html#action04

   [28]: http://www.w3.org/2012/07/24-xmlsec-minutes.html#action05

   [29]: http://www.w3.org/2012/07/24-xmlsec-minutes.html#action06

   [30]: http://lists.w3.org/Archives/Public/public-xmlsec/2012Jul/0005.html

   [31]: http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm

   [32]: http://dev.w3.org/cvsweb/2002/scribe/