- From: Thomas Roessler <tlr@w3.org>
- Date: Wed, 30 May 2007 13:28:54 +0100
- To: public-xmlsec-maintwg@w3.org
Minutes below. Thanks to Giles!
--
Thomas Roessler, W3C <tlr@w3.org>
[1]W3C
- DRAFT -
XML Sec Spec Maint WG Weekly
29 May 2007
[2]Agenda
See also: [3]IRC log
Attendees
Present
Giles Hogben
Konrad Lanz
Thomas Roessler
Rob Miller
Ed Simon
Sean Mullan
Juan Carlos Cruellas
Richard Salz
Greg Berezow
Regrets
Phillip Hallam Baker
Frederick Hirsch
Hal Lockhart
Chair
Thomas Roessler
Scribe
Giles Hogben
Contents
* [4]Topics
1. [5]Administrivia: scribe confirmation, next meeting
2. [6]Review and approval of last meeting's minutes
3. [7]Action item review
4. [8]agenda bashing
5. [9]Workshop planning
6. [10]Current status of drafts: c14n issue with xml:base
7. [11]Current status of drafts: DSig Core
8. [12]Decryption Transform
9. [13]signature encore
* [14]Summary of Action Items
_________________________________________________________________
<tlr> Date: 2007-05-29
<tlr> scribe: GilesHogben
<tlr> ScribeNick: GilesHogben
Administrivia: scribe confirmation, next meeting
<tlr> Next meeting: 5 June, Frederick to chair, Konrad to scribe
Konrad will scribe next meeting
Review and approval of last meeting's minutes
<tlr> [15]http://www.w3.org/2007/05/22-xmlsec-minutes
No objections to minutes
<tlr> RESOLUTION: minutes accepted
Action item review
<scribe> Done - share transform that does not depend on input
by Konrad
<tlr> ACTION-6 done; discuss at future meeting
<tlr> ACTION-26 continued
action 6 done - discuss at future mission
agenda bashing
add a brief excursion into C14N draft?
Workshop planning
<tlr> ACTION-28 moot
<tlr> ACTION-29 closed
<trackbot-ng> Sorry... I don't know how to close ACTION yet
<tlr> ACTION-30 closed
<trackbot-ng> Sorry... I don't know how to close ACTION yet
<tlr> [16]http://www.w3.org/2007/xmlsec/ws/cfp.html
Call to be issued June 6 deadline for papers 14 Aug
IETF has meeting in last week of July - so good for propaganda
Review 2nd half of August
Giles OK for PC work - 2nd HALF of Aug
Ed should be OK but can't guarantee
Konrad has time - position papers are from where?
TLR should be within the group - there is some flexibility - you can write
the posn paper early
2nd half of Aug to review the pp's we already got and to negotiate the
agenda
Greg Whitehead Yes
<gberezow> gberezow is ok with 2nd half august
Sean - OK
Rob OK
JuanCarlos - Probably not (Holidays)
can work before
TLR critical mass for 2nd half Aug
<scribe> pending availability of Frederick we should go for this schedule
accepted
<tlr> timeline seems ok, approved pending availability of Frederick
<tlr> ACTION-30 done
Action 30 closed
Current status of drafts: c14n issue with xml:base
<tlr> [17]http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0044.html
Konrad has sent a message to both wg's about xml-base
TLR Who can review this issue for a discussion in next call
<klanz2> [18]http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/att-0044/Apendix.html
Konrad note appendix at bottom of message
to see Delta - appended some test-cases
above that is the correct version of the appendix
would like someone who is going to implement to see if he/she agrees
TLR is that appendix actually normative in C14N 1.1?
Konrad not sure but would guess it is if implementations are required to use
the same canonical output
There is still some potential to elaborate on details.
TLR Review before going into details
<tlr> ACTION: salz to review Konrad's message re xml:base by next call
[recorded in [19]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action01]
<trackbot-ng> Created ACTION-35 - Review Konrad\'s message re xml:base by
next call [on Rich Salz - due 2007-06-05].
<tlr> ACTION: juan carlos to review KonraD's message re xml:base by next
call [recorded in [20]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action02]
<trackbot-ng> Sorry, couldn't find user - juan
<EdS> I'm taking a quick look at c14n 1.1 CR and do not see any indication
Appendix A is not normative.
<tlr> ACTION: cruellas to review KonraD's message re xml:base by next call
[recorded in [21]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action03]
<trackbot-ng> Created ACTION-36 - Review KonraD\'s message re xml:base by
next call [on Juan Carlos Cruellas - due 2007-06-05].
<tlr> ACTION: sean to review Konrad's message re xml:base by next call
[recorded in [22]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action04]
<trackbot-ng> Created ACTION-37 - Review Konrad\'s message re xml:base by
next call [on Sean Mullan - due 2007-06-05].
<tlr> ACTION: ed to review Konrad's message re xml:base by next call
[recorded in [23]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action05]
<trackbot-ng> Created ACTION-38 - Review Konrad\'s message re xml:base by
next call [on Ed Simon - due 2007-06-05].
<tlr> substantive discussion deferred to next call
Current status of drafts: DSig Core
<tlr> ACTION-33 closed
<trackbot-ng> Sorry... I don't know how to close ACTION yet
<tlr> ACTION-31, ACTION-32 closed
Action 31 on Juan C to propose a reference processing modelling summary
Sean to propose a different language for validator and generator part
<tlr> [24]http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0042.html
mostly done on ML. End of that thread see url above
proposed slightly different text for the note
is there any need for further discussion of this text
or do we adopt the editor's draft accordingly
Konrad do we get a new version of the redline doc?
<EdS> A search on the word "normative" in c14n 1.1 CR reveals only 1
instance -- that saying only the English version is normative. So it would
appear the whole c14n 1.1 CR document, including the appendix, is normative.
TLR Will send around the editor's draft
have people looked at the text?
would people prefer to see the editor's draft
JCarlos agree with changes
<tlr> juan carlos: fine
<tlr> sean: looks fine
<EdS> I looked at the text changes and they look fine to me.
<tlr> ACTION: thomas to update editor's draft according to
[25]http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0042.html
[recorded in [26]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action06]
<trackbot-ng> Created ACTION-39 - Update editor\'s draft according to
[27]http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0042.html
[on Thomas Roessler - due 2007-06-05].
<tlr> ACTION-19 closed
<trackbot-ng> Sorry... I don't know how to close ACTION yet
<tlr> [28]http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0041.html
Konrad: had a look at Gregor's message and proposed new text for bullets in
section 2.
please copy to chat
<sean> please copy to chat
<tlr> [29]http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0041.html
I just try to be precise where DNames appear or not
<klanz2> 2.
<klanz2> * The |X509IssuerSerial| element, which contains an X.509
<klanz2> issuer distinguished name/serial number pair. The X.509
<klanz2> issuer distinguished name SHOULD be compliant with the DNAME
<klanz2> encoding rules at the end of this section and the serial
<klanz2> number is represented as a decimal integer,
<klanz2> * The |X509SubjectName| element, which contains an X.509
<klanz2> subject distinguished name that SHOULD be compliant with the
<klanz2> DNAME encoding rules at the end of this section,
Konrad concerned about & and opening tag bracket but as discussed with
Thomas, this can be handled by saying it is text to be added
Should it be done in CDATA section or by escaping?
<klanz2> sorry lost the call
<tlr> [30]http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0041.html
Decryption Transform
<tlr> [31]http://www.w3.org/2007/xmlsec/Drafts/xmlenc-decrypt.html
Frederick has done some basic edits
<tlr> [32]http://www.w3.org/2007/xmlsec/Drafts/xmlenc-decrypt.html#sec-xml-processing
first set of edits in processing rules section
there is a definition of decrypt XML and second subpoint of second step
deals with inheritance
<klanz2> go ahead
<klanz2> sure
please paste into IRC (proposed change)
<tlr> If a node-set is replacing an element from N whose parent element is
not in N, then its apex elements MUST inherit xml:lang and xml:space
attributes associated with the XML namespace from the parent element, such
as [XML-C14N11]. The xml:base, xml:lang and xml:space attribute from the XML
namespace MUST be processed as specified in Canonical XML 1.
Decrypt algorithm in sec 3.1 - main proposed change to replace explicit
mention of certain specific attributes according to C14N 1.1
<tlr> "As a result, D for N is a node-set consisting ..."
In 3.3, below examples is an editorial change to fix erratum 1.
In 3.4.2, inheriting attributes - ref to C14N - any comments?
TLR propose that at next meeting we propose this draft become last call
<klanz2>
[33]http://lists.w3.org/Archives/Public/xml-encryption/2005Mar/0000.html
<klanz2>
[34]http://lists.w3.org/Archives/Public/xml-encryption/2005Mar/0001.html
Konrad: is this the guy who actually found the problem (see URL) - could we
get back to him with some feedback
on how we fixed it
TLR: yes good idea
<tlr> ACTION: klanz2 to contact CAO Yongsheng confirming treatment of E1 in
Decryption Transform [recorded in [35]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action07]
<trackbot-ng> Created ACTION-40 - Contact CAO Yongsheng confirming treatment
of E1 in Decryption Transform [on Konrad Lanz - due 2007-06-05].
TLR no comments and no objections to Frederick's changes on Decrypt
transform
propose we issue this version with updated namespace URI's
<tlr> as LC WD at next meeting
if anyone wants to raise review comments, do so next week
signature encore
<tlr> [36]http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0041.html
1st bullet step 2 - is basically done
inside the X509 issuer there is a serial
there are 2 values inside - one the DName, the other the SNumber
the previous text was not very concise about this
but only the DName is affected - just clarified what was affected
next message was the test case - a challenging DName
Sean 1st bullet of second - second sentence is a runon - would just say
<tlr> "The X.509 issuer distinguished name SHOULD be compliant with the
DNAME encoding rules at the end of this section. The serial number is
represented as a decimal integer."
konrad: The test case - tried to get all escapeable chars in and RFC 2253
compliant
paste into XML problem with &
maybe we need to make explicit the need to escape &
give guidance on whether to escape or put into CDATA
as long as people don't touch it until verification it won't affect a lot
in many cases the keyinfo is not signed but in some cases it is
not sure if it's really a problem
Konrad you can identify the key either by supplying it as a cert
just needs to be identified , and can also be signed to ensure
non-substitution
when you're identifying it you have to do it in CDATA - otherwise you break
the XML
Sean: I'll take an action to look at what our implementation does
<tlr> ACTION: sean to check his implementation wrt DNAME erratum [recorded
in [37]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action08]
<trackbot-ng> Created ACTION-41 - Check his implementation wrt DNAME erratum
[on Sean Mullan - due 2007-06-05].
TLR worth having a look at testcase
JC: Looks like there was a common view that the text of the Dname should be
put in a CDATA section
but reading the text, it clearly speaks about escaping & and "-"
i.e. the text is saying to escape it in the XML - not in CDATA
values may be used for comparing values of DName by other apps - like Xades
[?]
In order to check if the cert used for generating the sig is the one
referenced
you have to check the one used with the DName string
so it may break an app
<tlr> Also, strings in DNames (X509IssuerSerial,X509SubjectName, and KeyName
if appropriate) should be encoded as follows:
TLR: this is not an encoding which deals with making it XML Safe - it's to do
with backslash character
so can't see in rec text that there is entity encoding explicitly
Konrad: also has same perception as JC
a lot of people seem to interpret it that way
in a lot of cases where encoding of entities is needed, it's done rather
than being put into CDATA section
the spec is silent about what should happen
TLR: isn't that silence the right thing
Sean: Silence is not the right thing
<EdS> Suggest we continue the discussion on /2007May/0041.html next week so
we can think about this more over the week.
<tlr> +1 to ed
Konrad - silence would be good if it would canonicalize
but don't see how strings in XML are to be canonicalised if signed
rather have it robust than lose canonicalisation
TLR: There is a canonicalisation step before things are signed and hashed
Action is on JC and Konrad to come up with an example where the current
silence can break an app
<tlr> ACTION: cruellas to produce example for breakage due to current E01
language [recorded in [38]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action09]
<trackbot-ng> Created ACTION-42 - Produce example for breakage due to
current E01 language [on Juan Carlos Cruellas - due 2007-06-05].
JC: agrees
<tlr> ACTION: klanz to produce example for breakage due to current E01
language [recorded in [39]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action10]
<trackbot-ng> Sorry, couldn't find user - klanz
Konrad: agrees
<klanz2> [40]http://www.w3.org/TR/xml-c14n11/ (section 1.1 says CDATA
sections are replaced with their character content)
<tlr> rragent, please draft minutes
<klanz2> can I listen in
Summary of Action Items
[NEW] ACTION: cruellas to produce example for breakage due to current E01
language [recorded in [41]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action09]
[NEW] ACTION: cruellas to review KonraD's message re xml:base by next call
[recorded in [42]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action03]
[NEW] ACTION: ed to review Konrad's message re xml:base by next call
[recorded in [43]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action05]
[NEW] ACTION: juan carlos to review KonraD's message re xml:base by next
call [recorded in [44]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action02]
[NEW] ACTION: klanz to produce example for breakage due to current E01
language [recorded in [45]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action10]
[NEW] ACTION: klanz2 to contact CAO Yongsheng confirming treatment of E1 in
Decryption Transform [recorded in [46]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action07]
[NEW] ACTION: salz to review Konrad's message re xml:base by next call
[recorded in [47]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action01]
[NEW] ACTION: sean to check his implementation wrt DNAME erratum [recorded
in [48]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action08]
[NEW] ACTION: sean to review Konrad's message re xml:base by next call
[recorded in [49]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action04]
[NEW] ACTION: thomas to update editor's draft according to
[50]http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0042.html
[recorded in [51]http://www.w3.org/2007/05/29-xmlsec-minutes.html#action06]
[End of minutes]
_________________________________________________________________
Minutes formatted by David Booth's [52]scribe.perl version 1.128 ([53]CVS
log)
$Date: 2007/05/30 12:28:01 $
References
1. http://www.w3.org/
2. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0045.html
3. http://www.w3.org/2007/05/29-xmlsec-irc
4. file://localhost/home/roessler/W3C/WWW/2007/05/29-xmlsec-minutes.html#agenda
5. file://localhost/home/roessler/W3C/WWW/2007/05/29-xmlsec-minutes.html#item01
6. file://localhost/home/roessler/W3C/WWW/2007/05/29-xmlsec-minutes.html#item02
7. file://localhost/home/roessler/W3C/WWW/2007/05/29-xmlsec-minutes.html#item03
8. file://localhost/home/roessler/W3C/WWW/2007/05/29-xmlsec-minutes.html#item04
9. file://localhost/home/roessler/W3C/WWW/2007/05/29-xmlsec-minutes.html#item05
10. file://localhost/home/roessler/W3C/WWW/2007/05/29-xmlsec-minutes.html#item06
11. file://localhost/home/roessler/W3C/WWW/2007/05/29-xmlsec-minutes.html#item07
12. file://localhost/home/roessler/W3C/WWW/2007/05/29-xmlsec-minutes.html#item08
13. file://localhost/home/roessler/W3C/WWW/2007/05/29-xmlsec-minutes.html#item09
14. file://localhost/home/roessler/W3C/WWW/2007/05/29-xmlsec-minutes.html#ActionSummary
15. http://www.w3.org/2007/05/22-xmlsec-minutes
16. http://www.w3.org/2007/xmlsec/ws/cfp.html
17. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0044.html
18. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/att-0044/Apendix.html
19. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action01
20. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action02
21. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action03
22. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action04
23. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action05
24. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0042.html
25. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0042.html
26. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action06
27. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0042.html
28. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0041.html
29. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0041.html
30. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0041.html
31. http://www.w3.org/2007/xmlsec/Drafts/xmlenc-decrypt.html
32. http://www.w3.org/2007/xmlsec/Drafts/xmlenc-decrypt.html#sec-xml-processing
33. http://lists.w3.org/Archives/Public/xml-encryption/2005Mar/0000.html
34. http://lists.w3.org/Archives/Public/xml-encryption/2005Mar/0001.html
35. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action07
36. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0041.html
37. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action08
38. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action09
39. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action10
40. http://www.w3.org/TR/xml-c14n11/
41. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action09
42. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action03
43. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action05
44. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action02
45. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action10
46. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action07
47. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action01
48. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action08
49. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action04
50. http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0042.html
51. http://www.w3.org/2007/05/29-xmlsec-minutes.html#action06
52. http://dev.w3.org/cvsweb/~checkout~/2002/scribe/scribedoc.htm
53. http://dev.w3.org/cvsweb/2002/scribe/
Received on Wednesday, 30 May 2007 12:29:05 UTC