- From: Juraj Somorovsky <juraj.somorovsky@rub.de>
- Date: 10 Jan 2013 08:13:17 +0100
- To: Frederick.Hirsch@nokia.com
- Cc: public-xmlsec@w3.org, "Tibor Jager" <tibor.jager@gmail.com>
Hi Frederick, we reviewed both issues and would like to confirm that our comments were addressed properly. Thank you Best Regards Juraj and Tibor On 01/07/2013 07:53 PM, Frederick.Hirsch@nokia.com wrote: > Juraj > > Thanks for your comments on the latest XML Encryption 1.1 draft. > > There were two comments we captured and recorded in our tracker tool: > > (1) Address backward compatibility attacks [1] > > We added a new security considerations section, also included the reference you provided [2]. We revised the text based on your and others comments. > > (2) Define key derivation function for deriving keys based on algorithm information [3] > > The WG agreed to defer to a possible version 1.2 of XML Encryption, given concerns about the late stage of the process, need for interop, and time for thought about the issue. Your previous message seemed to agree that some time might be required. > > The decision was recorded in a WG call for consensus email (see item #1 in CfC http://lists.w3.org/Archives/Public/public-xmlsec/2012Dec/0015.html ) > > Can you please confirm that the XML Security WG has addressed both your comments by replying to this message (including the public list)? > > Sooner (e.g. this week) would be better as we are trying to conclude the PR this month. > > Thanks > > regards, Frederick > > Frederick Hirsch, Nokia > Chair XML Security WG > > [1] https://www.w3.org/2006/02/lc-comments-tracker/42458/WD-xmlenc-core1-20121018/2734 > > [2] http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.src.html#sec-backwards-compatibility-attacks > > [3] https://www.w3.org/2006/02/lc-comments-tracker/42458/WD-xmlenc-core1-20121018/2735 > >
Received on Thursday, 10 January 2013 07:13:43 UTC