# XML Security Working Group Teleconference

## 12 Jun 2012

[Agenda][3]

See also: [IRC log][4]

## Attendees

* Present: Frederick_Hirsch, Chris_Solc, Brian_LaMacchia, Scott_Cantor, Bruce_Rich, Pratik_Datta
* Regrets:
* Chair: Frederick_Hirsch
* Scribe: fjh

## Contents

* [Topics][5]
    1. [Administrative][6]
    2. [Minutes Approval][7]
    3. [AES-192-GCM, ISSUE-231][8]
    4. [XML Encryption 1.1 interop][9]
    5. [Next steps for XML Signature 1.1 interop][10]
    6. [Action Items][11]
    7. [Other business][12]
    8. [Adjourn][13]
* [Summary of Action Items][14]

* * *

Date: 12 June 2012

ScribeNick: fjh

### Administrative

Publishing moratoria for rest of 2012: [http://lists.w3.org/Archives/Public/public-xmlsec/2012May/0011.html][15]

fjh: The PAG is progressing and should hopefully produce a report soon

### Minutes Approval

Approve minutes, 29 May 2012 [http://lists.w3.org/Archives/Public/public-xmlsec/2012May/att-0010/minutes-2012-05-29.html][16]

**RESOLUTION: Minutes from 29 May 2012 are approved**

### AES-192-GCM, ISSUE-231

Added to XML Encryption 1.1 editors draft and XML Security Algorithms Cross-Reference [http://lists.w3.org/Archives/Public/public-xmlsec/2012Jun/0005.html][17]

**RESOLUTION: Agree to add AES-192-GCM to XML Encryption 1.1 to correct omission**

### XML Encryption 1.1 interop

[http://lists.w3.org/Archives/Public/public-xmlsec/2012Jun/0002.html][18] (Scott)

[http://lists.w3.org/Archives/Public/public-xmlsec/2012Jun/0007.html][19]

scantor: pratik will fix the test case to say SHA-1 instead of SHA-256

... issue with interop, no leading 0 is there, suggests an issue with the generation of the test, need to work with pratik to resolve

bal: GCM will likely only be available through CMG, but will check on it

fjh: will need to continue this interop discussion on the list

status of interop - [http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core1-interop/Overview.src.html][20]

### Next steps for XML Signature 1.1 interop

Number of tests remain open, see [http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core1-interop/Overview.src.html][21]

scantor: my focus is on GCM with XML Encryption 1.1

... may be able to add some additional signature features to code, not sure

... do not want to lose 1.1 key info extensions since needed for SAML

... not sure how to interop test these

bal: in earlier tests - test can be to parse element, and use it to validate signature, ensure enough information that implementation could read value and use it

fjh: I suspect group members have tested HMACOutputLength already

pdatta: yes we have tested this

brich: might be hard to have interop case

fjh: must have a unit test available

pdatta: yes, this has been tested

**ACTION:** pdatta to distribute test case and result for testing XML Signature 1.1 HMACOutputLength minimum length [recorded in [http://www.w3.org/2012/06/12-xmlsec-minutes.html#action01][22]]

Created ACTION-888 - Distribute test case and result for testing XML Signature 1.1 HMACOutputLength minimum length [on Pratik Datta - due 2012-06-19].

ACTION-888: #6 in [http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core1-interop/Overview.src.html][21]

ACTION-888 Distribute test case and result for testing XML Signature 1.1 HMACOutputLength minimum length notes added

### Action Items

ACTION-238?

ACTION-238 -- Thomas Roessler to draft proposal to add identifiers for ECDSA-RIPEMD, RSA-WHIRLPOOL, ECDSA-WHIRLPOOL to XML Security Algorithms Cross-Reference (follow up to ACTION-222) -- due 2012-01-31 -- OPEN

[http://www.w3.org/2008/xmlsec/track/actions/238][23]

fjh: need to follow up with Donald Eastlake on this, since there is an RFC dependency

ACTION-887?

ACTION-887 -- Hal Lockhart to draft text on HMAC truncation for XML Signature best practices -- due 2012-05-22 -- OPEN

[http://www.w3.org/2008/xmlsec/track/actions/887][24]

ISSUE-231?

ISSUE-231 -- AES192-GCM missing in XML Encryption 1.1 -- open

[http://www.w3.org/2008/xmlsec/track/issues/231][25]

ISSUE-231: added AES192-GCM to XML Signature 1.1 editors draft and to XML Security Algorithms Cross-Reference

ISSUE-231 AES192-GCM missing in XML Encryption 1.1 notes added

ISSUE-231 closed

ISSUE-231 AES192-GCM missing in XML Encryption 1.1 closed

### Other business

none

### Adjourn

## Summary of Action Items

**[NEW]** **ACTION:** pdatta to distribute test case and result for testing XML Signature 1.1 HMACOutputLength minimum length [recorded in [http://www.w3.org/2012/06/12-xmlsec-minutes.html#action01][22]]

[End of minutes]

* * *

Minutes formatted by David Booth's [scribe.perl][26] version 1.135 ([CVS log][27]) $Date: 2009-03-02 03:52:20 $

[3]: http://lists.w3.org/Archives/Public/public-xmlsec/2012Jun/0008.html
[4]: http://www.w3.org/2012/06/12-xmlsec-irc
[5]: #agenda
[6]: #item01
[7]: #item02
[8]: #item03
[9]: #item04
[10]: #item05
[11]: #item06
[12]: #item07
[13]: #item08
[14]: #ActionSummary
[15]: http://lists.w3.org/Archives/Public/public-xmlsec/2012May/0011.html
[16]: http://lists.w3.org/Archives/Public/public-xmlsec/2012May/att-0010/minutes-2012-05-29.html
[17]: http://lists.w3.org/Archives/Public/public-xmlsec/2012Jun/0005.html
[18]: http://lists.w3.org/Archives/Public/public-xmlsec/2012Jun/0002.html
[19]: http://lists.w3.org/Archives/Public/public-xmlsec/2012Jun/0007.html
[20]: http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core1-interop/Overview.src.html
[21]: http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core1-interop/Overview.src.html
[22]: http://www.w3.org/2012/06/12-xmlsec-minutes.html#action01
[23]: http://www.w3.org/2008/xmlsec/track/actions/238
[24]: http://www.w3.org/2008/xmlsec/track/actions/887
[25]: http://www.w3.org/2008/xmlsec/track/issues/231
[26]: http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
[27]: http://dev.w3.org/cvsweb/2002/scribe/