W3C

XML Security Working Group Teleconference

20 Dec 2011

Attendees

Present: Bruce_Rich, Frederick_Hirsch, Gerald_Edgar, Pratik_Datta, Scott_Cantor
Regrets: Thomas Roessler
Chair: Frederick_Hirsch
Scribe: fjh

<trackbot> Date: 20 December 2011

Administrative

<scribe> ScribeNick: fjh

RESOLUTION: Cancel teleconferences on 3 January and 10 January 2012

Next call 17 January 2012

Minutes Approval

Approve minutes, 13 December 2011

http://lists.w3.org/Archives/Public/public-xmlsec/2011Dec/att-0009/minutes-2011-12-13.html

RESOLUTION: Minutes from 13 December 2011 are approved.

1.1 Publication: Last Call "XML Encryption 1.1"

Publication of set delayed in order to publish XML Encryption 1.1 as a Last Call WD.

proposed RESOLUTION: Publish XML Encryption 1.1 as a Last Call WD on 5 January 2012 with LC period ending 16 February 2012.

Publication ready draft at http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/WD-2011-12/Overview.html

RESOLUTION: Publish XML Encryption 1.1 as a Last Call WD on 5 January 2012 with LC period ending 16 February 2012.

1.1 Publication: Last Call "XML Encryption 1.1 CipherReference Processing Using 2.0 Transforms"

proposed RESOLUTION: Publish "XML Encryption 1.1 CipherReference Processing Using 2.0 Transforms" as a Last Call WD on 5 January 2012 with LC period ending 16 February 2012.

Publication ready draft at http://www.w3.org/2008/xmlsec/Drafts/xmlenc-transform20/LC/Overview.html

RESOLUTION: Publish "XML Encryption 1.1 CipherReference Processing Using 2.0 Transforms" as a Last Call WD on 5 January 2012 with LC period ending 16 February 2012.

1.1 Publication: FPWD "Test Cases for XML Encryption 1.1"

proposed RESOLUTION: Publish on 5 January 2012 FPWD of "Test Cases for XML Encryption 1.1"

Publication ready draft at http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/test-cases/FPWD/Overview.html

RESOLUTION: Publish on 5 January 2012 FPWD of "Test Cases for XML Encryption 1.1"

1.1 Publication: Updated WD "XML Security Algorithm Cross-Reference"

proposed RESOLUTION: Publish on 5 January 2012 Updated WD of "XML Security Algorithm Cross-Reference"

Publication ready draft at http://www.w3.org/2008/xmlsec/Drafts/xmlsec-algorithms/WD-2011-12/Overview.html

RESOLUTION: Publish on 5 January 2012 Updated WD of "XML Security Algorithm Cross-Reference"

2.0 Publication: FPWD "Test Cases for Canonical XML 2.0"

proposed RESOLUTION: Publish on 5 January 2012 FPWD of "Test Cases for Canonical XML 2.0"

Publication ready draft at http://www.w3.org/2008/xmlsec/Drafts/c14n-20/test-cases/FPWD-2011-12/Overview.html

RESOLUTION: Publish on 5 January 2012 FPWD of "Test Cases for Canonical XML 2.0"

2.0 Transition to CR

Transition three 2.0 documents to CR, with publication date of 12 January 2012, CR period ending no earlier than 12 April 2011, and with no features at risk. PR entrance criteria is "two interoperable implementations", expected by July 2012 (?).

"The Sample Working Group expects to request that the Director advance this document to Proposed Recommendation once the Working Group has ...your PR entrance criteria here.... The Sample Working Group, working closely with the developer community, expects to show these implementations by...estimate of when requirements will be fulfilled.... "

RESOLUTION: Publish on 12 January 2012 CR draft of "Canonical XML 2.0" with CR ending no earlier than 12 April 2011, no features at risk, and exit criteria of at least two interoperable implementations.

canonical xml 2.0 Publication ready draft at http://www.w3.org/2008/xmlsec/Drafts/c14n-20/CR-snapshot/Overview.html

RESOLUTION: Publish on 12 January 2012 CR draft of "XML Signature Syntax and Processing 2.0" with CR ending no earlier than 12 April 2011, no features at risk, and exit criteria of at least two interoperable implementations.

xml signature 2.0 Publication ready draft at http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-20/CR/Overview.html

RESOLUTION: Publish on 12 January 2012 CR draft of "XML Signature Streaming Profile of XPath 1.0" with CR ending no earlier than 12 April 2011, no features at risk, and exit criteria of at least two interoperable implementations.

xpath streaming profile Publication ready draft at http://www.w3.org/2008/xmlsec/Drafts/xmldsig-xpath/CR/Overview.html

GCM and streaming

http://lists.w3.org/Archives/Public/public-xmlsec/2011Dec/0011.html

brich: GCM not really appropriate for streaming large documents according to rule regarding tag verification
... however not currently an issue for ebXML
... this could be a possible issue for the future
... summary is that we do not know of any showstopper for use of GCM

fjh: we have addressed the security vulnerability related to CBC by specifying AES-GCM which should cover known practical cases today
... we may have a gap for large streamed data
... but this is not an immediate practical issue. We have security considerations language
... we may need a revision of the spec in a year or so if the community comes up with algorithm improvements to address the issue

Action Review

ACTION-848?

<trackbot> ACTION-848 -- Bruce Rich to contact OASIS ebXML community regarding large data issue and GCM -- due 2011-10-25 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/848

close ACTION-848

<trackbot> ACTION-848 Contact OASIS ebXML community regarding large data issue and GCM closed

close ACTION-856

<trackbot> ACTION-856 Discuss with magnus possible encryption algorithms suitable for streaming closed

close ACTION-863

<trackbot> ACTION-863 Confirm correctness of C14N2 test case reference after publication closed

Adjourn

Happy holidays everyone, see you in the new year.

Summary of Action Items

[End of minutes]
