Re: ACTION-767: Review references etc. from Frederick.Hirsch@nokia.com on 2011-01-18 (public-xmlsec@w3.org from January 2011)

From: <Frederick.Hirsch@nokia.com>
Date: Tue, 18 Jan 2011 15:47:40 +0100
To: <mnystrom@microsoft.com>
CC: <Frederick.Hirsch@nokia.com>, <public-xmlsec@w3.org>
Message-ID: <00AC5017-8E88-405D-B5F9-4CFFEC2625BC@nokia.com>
I have updated the XML Encryption editors draft to refer to SP800-67 as a reference rather than TRIPLEDES.

Specifically,  it now says in section 5.2.2, http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.html#sec-tripledes-cbc :

"NIST SP800-67 [SP800-67] specifies three sequential FIPS 46-3 [DES] operations." 

and the reference is:

[SP800-67]
Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher, Revised 19 May 2008. SP800-67 Version 1.1. U.S. Department of Commerce/National Institute of Standards and Technology. URL: http://csrc.nist.gov/publications/nistpubs/800-67/SP800-67.pdf

Does this look correct? 

I believe the only document that needed this change is XML Encryption 1.1

Thanks

regards, Frederick

Frederick Hirsch
Nokia



On Jan 17, 2011, at 8:23 PM, ext Magnus Nystrom wrote:

> Actually X9.52 has been withdrawn. A better reference might be NIST SP 800-67:
> 
> http://csrc.nist.gov/publications/nistpubs/800-67/SP800-67.pdf
> 
> -- Magnus
> 
> 
>> -----Original Message-----
>> From: Frederick.Hirsch@nokia.com [mailto:Frederick.Hirsch@nokia.com]
>> Sent: Monday, January 17, 2011 11:25 AM
>> To: Magnus Nystrom
>> Cc: Frederick.Hirsch@nokia.com; public-xmlsec@w3.org
>> Subject: Re: ACTION-767: Review references etc.
>> 
>> Magnus
>> 
>> I cannot find a direct link for this one, do you have a URL:
>> 
>>> - The reference for ANSI X9.52 should be linked as the reference for ANSI
>> X9.44. As it is right now, one only gets to the generic ANSI home page.
>> 
>> 
>> Thanks
>> 
>> regards, Frederick
>> 
>> Frederick Hirsch
>> Nokia
>> 
>> 
>> 
>> On Jan 17, 2011, at 11:54 AM, ext Magnus Nystrom wrote:
>> 
>>> Frederick, All,,
>>> This is in response to ACTION-767 assigned to me last week.
>>> 
>>> I don't know where the references are stored any longer so I have not done
>> any changes in the sources themselves but I did note the following:
>>> 
>>> XML Encryption 1.1:
>>> -------------------------
>>> - The reference for NFC: The URL should be preceded by the string "URL:" as
>> for other references
>>> - The reference for ANSI X9.52 should be linked as the reference for ANSI
>> X9.44. As it is right now, one only gets to the generic ANSI home page.
>>> - The link to XML Signature Syntax and Processing Version 1.1 will need to be
>> updated eventually; same for XML Encryption Syntax and Processing 1.1.
>>> - For [ECC-ALGS], we should check if it has been given an RFC number yet. I will
>> follow up on this. I believe it should still be informative in this document.
>>> 
>>> Outside of the references:
>>> - Section 5.1.1: Should probably be consistent in how we reference the
>> "with"/"omit" comments; sometimes we write "(omit comments)" and
>> sometimes "with comments" (i.e. without parenthesis) and sometimes
>> "comments" is spelled with a capital "C".
>>> - Section 8.2, replace "they will be" with "there will be"
>>> 
>>> Explain:
>>> -----------
>>> - My affiliation should be changed to Microsoft.
>>> - 3.3: Change "Clarify" to "Clarified that"
>>> - 5.4.2: That change is not relative to 1.0 and so I am not sure it should be in
>> here.
>>> - "Message Authentication ..." - change "200900602" to "20090602"
>>> - 8.2: Change description of first change to: "Changed "MIME media type
>> name" to " Type name" and "MIME subtype name" to "Subtype name"
>>> 
>>> Generic Hybrid Ciphers:
>>> -----------------------------
>>> - Section 9, "Acknowledgements" is empty; in line with the other documents I
>> suggest removing this section altogether and instead creating a Section 1.2
>> "Acknowledgements" with the following text:
>>> 
>>> The contributions of the following Working Group members to this
>> specification are gratefully acknowledged in accordance with the contributor
>> policies and the active WG roster: Frederick Hirsch, Brian LaMacchia, Thomas
>> Roessler, Magnus Nyström, Bruce Rich, Scott Cantor, Hal Lockhart, Cynthia
>> Martin, Ed Simon, Pratik Datta and Meiko Jensen.
>>> 
>>> Additionally, we thank Burt Kaliski of EMC for his comments during and
>> subsequent to Last Call.
>>> 
>>> - In Appendix A, the URL to [XMLENC-CORE1] and [XMLDSIG-CORE1] should be
>> updated, eventually, just as for XML Encryption 1.1.
>>> 
>>> Requirements
>>> -----------------
>>> (I was not sure what to do here, but I did check the references section as per
>> below:)
>>> - [C14N-REQS]: The URL is different between the hyperlink in the title and the
>> explicit URL.
>>> - [C14N11]: Same as previous comment
>>> - [EXI]: Missing hyperlink in title
>>> - [Gajek]: Missing hyperlink in title
>>> - [Infoset]: Missing hyperlink in title
>>> - [McIntoshAustel] - Missing URL altogether. A possible URL is:
>> http://portal.acm.org/citation.cfm?doid=1103022.1103026
>>> - PKCS #5: Missing hyperlink in title
>>> - RFC 2633 is obsoleted by RFC 3851
>>> - SigProp: Different URL for title than for explicit URL.
>>> - XMLDsig2nd: Missing hyperlink in title
>>> 
>>> Best,
>>> -- Magnus
>>> 
>>> 
>> 
>
Received on Tuesday, 18 January 2011 14:48:24 UTC