Call Tomorrow and Latest Draft from Joseph M. Reagle Jr. on 2000-02-02 (w3c-ietf-xmldsig@w3.org from January to March 2000)

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Wed, 02 Feb 2000 16:57:57 -0500
To: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
Message-Id: <3.0.5.32.20000202165757.00a06100@localhost>

There will be a call tomorrow. Don's on the road, but I assume the
information given last week is the same. Don will be able to correct me this
evening if anything below is incorrect (or if he wants to tweak the agenda
below).

http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2000JanMar/0068.html
  There will be teleconference meetings of the XMLDSIG working group
  every other Thursday at 1PM Eastern US Time for 2 months starting
  February 3rd.  So they will be Feb 3, Feb 12, Mar 2, and Mar 16.

  Call in number is 1-800-351-4898 in the US, 1-334-260-2557
  International.  Password for all calls is "Signature".

__


An editorial copy of the latest draft can be found out:
        http://www.w3.org/Signature/Drafts/WD-xmldsig-core-20000203/

The substantive tweaks (and questions) are underlined (and displayed in red
using CSS) for those that want to see the diffs. We removed a few sections
as discussed at the  FTF (parameters, java, etc.) and also moved the
processing rules up closer to the front.

Potential Agenda Items include the following (and their sources)

FTF:
 - FAQ/Scenarios.
 - C14N Report
 - Interopability

LIST:
 - URI/IDREF

DOCUMENT
http://www.w3.org/Signature/Edits.html

-  1.3 General issue - the question was raised as to whether since the
version is implied by the namespace, do we need to make sure the version is
explicitly bound under the signature (it may be already, I'm not sure
whether there's a way to include the reference to the schema/DTD within
signed info). If not, we might need to thing about recommending inclusion of
a reference to the signature schema in cases where this is a concern. 
-  1.3 last par (security comment) I don't like leaving a sentence like "we
haven't assessed the risk" in for last call. I'd suggest an explicit
recommendation that if null c14n is used for signedInfo, then all namespaces
must be fully expanded. [P.S. there's no 1.4] 
- Need to define HMAC output lengths and define element types.



_________________________________________________________
Joseph Reagle Jr.   
Policy Analyst           mailto:reagle@w3.org
XML-Signature Co-Chair   http://www.w3.org/People/Reagle/

Received on Wednesday, 2 February 2000 16:58:02 UTC