# XML Security Working Group Teleconference ## 19 Jun 2012 [Agenda][3] See also: [IRC log][4] ## Attendees Present Frederick_Hirsch, Hal_Lockhart, Scott_Cantor, Ed_Simon, Gerald_Edgar, Brian_LaMacchia Regrets Chair Frederick_Hirsch Scribe fjh ## Contents * [Topics][5] 1. [Administrivia][6] 2. [Minutes Approval][7] 3. [XML Signature 1.1 and 2.0 Editors Draft Updates][8] 4. [PAG][9] 5. [Test cases and Interop][10] 6. [Best Practices Update][11] 7. [Publication Plans][12] 8. [Other Business][13] 9. [Adjourn][14] * [Summary of Action Items][15] * * * Date: 19 June 2012 ScribeNick: fjh ### Administrivia added to agenda Publication planning ### Minutes Approval [http://lists.w3.org/Archives/Public/public- xmlsec/2012Jun/att-0016/minutes-2012-06-12.html][16] **RESOLUTION: Revised minutes from 12 June 2012 are approved** ### XML Signature 1.1 and 2.0 Editors Draft Updates [http://lists.w3.org/Archives/Public/public-xmlsec/2012Jun/0014.html][17] fjh: updated the XML Signature 1.1 and 2.0 drafts to clarify language around algorithms ### PAG fjh: PAG work is progressing, members only draft at [https://www.w3.org/2011 /xmlsec-pag/pagreport.html][18] ### Test cases and Interop ACTION-888? ACTION-888 -- Pratik Datta to distribute test case and result for testing XML Signature 1.1 HMACOutputLength minimum length -- due 2012-06-19 -- OPEN [http://www.w3.org/2008/xmlsec/track/actions/888][19] scantor: will have to go with the approach pratik noted, unfortunately more work ... asks if anyone else has had problems with the first test [http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/test- cases/][20] bal: not sure, would need to check the one I haven't managed to decrypt the key for is [http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/test-cases/files /cipherText__RSA-2048__aes128-gcm__rsa-oaep-mgf1p.xml][21] ### Best Practices Update ACTION-887? ACTION-887 -- Hal Lockhart to draft text on HMAC truncation for XML Signature best practices -- due 2012-05-22 -- OPEN [http://www.w3.org/2008/xmlsec/track/actions/887][22] hal: is there ambiguity of what truncation means? ... doesn't seem to be defined in spec fjh: thought this was defined as part of algorithm hal: will work on action in next few days fjh: thought it is standard practice to truncate off the end bal: thought so as well ... new NIST spec out on truncating SHA-512 ... part of SHA-2 update ... could reference this if we do not have normative reference, truncate off the end ... we have not implemented truncation option, did not need it hal: important security reasons to truncate bal: why? hal: can reference paper, other attacks can be made more difficult with truncation ... best practice [http://csrc.nist.gov/groups/ST/hash/documents/Kelsey_Truncation.pdf][23] link to HMAC paper:[http://www.jucs.org/jucs_14_3/new_results_on_nmac][24] fjh: do we want to make a change to the spec to clarify truncation? hal: will look at original interop spec fjh: so you will confirm on list that truncation from end, then we may need to add language to spec and update to NIST hal: need to be clear on high order, low order, avoid bit ordering ambiguity ISSUE: clarify meaning of HMAC truncation Created ISSUE-232 - Clarify meaning of HMAC truncation ; please complete additional details at [http://www.w3.org/2008/xmlsec/track/issues/232/edit][25] . ### Publication Plans fjh: we have made a number of changes to XML Signature 1.1 since the last CR publication, including a clarification of serialization, clarifications related to KeyInfoReference, changing SHOULD for KeyInfoReference and adding REQUIRED for Exclusive C14N omits comments, among other changes. ... this suggests we should have an updated publication soon, need to determine whether we need another LC. ... probably want to address truncation clarification first, ISSUE-232 ... Likewise, we added optional AES192-GCM to XML Encryption 1.1, need to confirm whether this requires another LC or just a CR update. ... Seems like we should be able to update the CR of XML Signature 2.0 without LC for recent editorial updates related to ECC ... finally, we need to update Security Algorithms Cross-Reference, and RELAX NG Note, also publish updated Best Practices once newest addition is in place ... I am discussing with tlr offline ### Other Business fjh: once we complete interop and publication of our documents, we will need to think about maintenance and how that is handled. ... but this is probably early for discussion as we have to complete interop and other work to bring the 1.1 specs to REC (and possibly 2.0) ### Adjourn ## Summary of Action Items [End of minutes] * * * Minutes formatted by David Booth's [scribe.perl][26] version 1.135 ([CVS log][27]) $Date: 2009-03-02 03:52:20 $ [1]: http://www.w3.org/Icons/w3c_home [2]: http://www.w3.org/ [3]: http://lists.w3.org/Archives/Public/public-xmlsec/2012Jun/0015.html [4]: http://www.w3.org/2012/06/19-xmlsec-irc [5]: #agenda [6]: #item01 [7]: #item02 [8]: #item03 [9]: #item04 [10]: #item05 [11]: #item06 [12]: #item07 [13]: #item08 [14]: #item09 [15]: #ActionSummary [16]: http://lists.w3.org/Archives/Public/public- xmlsec/2012Jun/att-0016/minutes-2012-06-12.html [17]: http://lists.w3.org/Archives/Public/public-xmlsec/2012Jun/0014.html [18]: https://www.w3.org/2011/xmlsec-pag/pagreport.html [19]: http://www.w3.org/2008/xmlsec/track/actions/888 [20]: http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/test-cases/ [21]: http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/test-cases/files /cipherText__RSA-2048__aes128-gcm__rsa-oaep-mgf1p.xml [22]: http://www.w3.org/2008/xmlsec/track/actions/887 [23]: http://csrc.nist.gov/groups/ST/hash/documents/Kelsey_Truncation.pdf [24]: http://www.jucs.org/jucs_14_3/new_results_on_nmac [25]: http://www.w3.org/2008/xmlsec/track/issues/232/edit [26]: http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm [27]: http://dev.w3.org/cvsweb/2002/scribe/