W3C

XML Security Working Group Teleconference

12 Jun 2012


Attendees

Present: Frederick_Hirsch, Chris_Solc, Brian_LaMacchia, Scott_Cantor, Bruce_Rich, Pratik_Datta
Regrets:
Chair: Frederick_Hirsch
Scribe: fjh

<trackbot> Date: 12 June 2012

<scribe> ScribeNick: fjh

Administrative

Publishing moratoria for rest of 2012: http://lists.w3.org/Archives/Public/public-xmlsec/2012May/0011.html

fjh: The PAG is progressing and should hopefully produce a report soon

Minutes Approval

Approve minutes, 29 May 2012

http://lists.w3.org/Archives/Public/public-xmlsec/2012May/att-0010/minutes-2012-05-29.html

RESOLUTION: Minutes from 29 May 2012 are approved

AES-192-GCM, ISSUE-231

Added to XML Encryption 1.1 editors draft and XML Security Algorithms Cross-Reference

http://lists.w3.org/Archives/Public/public-xmlsec/2012Jun/0005.html

RESOLUTION: Agree to add AES-192-GCM to XML Encryption 1.1 to correct omission

XML Encryption 1.1 interop

http://lists.w3.org/Archives/Public/public-xmlsec/2012Jun/0002.html (Scott)

http://lists.w3.org/Archives/Public/public-xmlsec/2012Jun/0007.html

scantor: pratik will fix the test case to say SHA-1 instead of SHA-256
... issue with interop, no leading 0 is there, suggests an issue with the generation of the test, need to work with pratik to resolve

bal: GCM will only be available through CNG (Crypto Next Gen)

fjh: will need to continue this interop discussion on the list

status of interop - http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core1-interop/Overview.src.html

Next steps for XML Signature 1.1 interop

A number of tests remain open, see http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core1-interop/Overview.src.html

scantor: my focus is on GCM with XML Encryption 1.1
... may be able to add some additional signature features to code, not sure
... do not want to lose 1.1 key info extensions since needed for SAML
... not sure how to interop test these

bal: in earlier tests - test can be to parse element, and use it to validate signature, ensure enough information that implementation could read value and use it

fjh: I suspect group members have tested HMACOutputLength already

pdatta: yes we have tested this

brich: might be hard to have interop case

fjh: must have a unit test available

pdatta: yes, this has been tested

<scribe> ACTION: pdatta to distribute test case and result for testing XML Signature 1.1 HMACOutputLength minimum length [recorded in http://www.w3.org/2012/06/12-xmlsec-minutes.html#action01]

<trackbot> Created ACTION-888 - Distribute test case and result for testing XML Signature 1.1 HMACOutputLength minimum length [on Pratik Datta - due 2012-06-19].

ACTION-888: #6 in http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core1-interop/Overview.src.html

<trackbot> ACTION-888 Distribute test case and result for testing XML Signature 1.1 HMACOutputLength minimum length notes added

Action Items

ACTION-238?

<trackbot> ACTION-238 -- Thomas Roessler to draft proposal to add identifiers for ECDSA-RIPEMD, RSA-WHIRLPOOL, ECDSA-WHIRLPOOL to XML Security Algorithms Cross-Reference (follow up to ACTION-222) -- due 2012-01-31 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/238

fjh: need to follow up with Donald Eastlake on this, since there is an RFC dependency

ACTION-887?

<trackbot> ACTION-887 -- Hal Lockhart to draft text on HMAC truncation for XML Signature best practices -- due 2012-05-22 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/887

ISSUE-231?

<trackbot> ISSUE-231 -- AES192-GCM missing in XML Encryption 1.1 -- open

<trackbot> http://www.w3.org/2008/xmlsec/track/issues/231

ISSUE-231: added AES192-GCM to XML Signature 1.1 editors draft and to XML Security Algorithms Cross-Reference

<trackbot> ISSUE-231 AES192-GCM missing in XML Encryption 1.1 notes added

ISSUE-231 closed

<trackbot> ISSUE-231 AES192-GCM missing in XML Encryption 1.1 closed

Other business

none

Adjourn

Summary of Action Items

[NEW] ACTION: pdatta to distribute test case and result for testing XML Signature 1.1 HMACOutputLength minimum length [recorded in http://www.w3.org/2012/06/12-xmlsec-minutes.html#action01]
 
[End of minutes]
