<trackbot> Date: 28 June 2011
<scribe> Scribe: tlr
fjh: add item to discuss Marcos note about certificate ordering in 1.1 and item re possible additional XML Encryption discussion
<fjh> Approve minutes, 14 June 2011
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/att-0038/minutes-2011-06-14.html
RESOLUTION: 14 June minutes approved
tlr: done, http://www.w3.org/2008/02/xmlsec-charter.html
<fjh> C14N2 LC-2484 and LC-2486 closed, drafts updated
fjh: two last call comments taken care of
<fjh> XML Signature, LC-2487 (example correction)
<fjh> http://www.w3.org/2006/02/lc-comments-tracker/42458/WD-xmldsig-core2-20110421/2487
<fjh> LC-2488, XML Signature comments from XML Core
<fjh> http://www.w3.org/2006/02/lc-comments-tracker/42458/WD-xmldsig-core2-20110421/2488
fjh: pratik, review of XML Core comments?
pratik: not yet
<fjh> LC-2489 comments on XPath Profile
<fjh> http://www.w3.org/2006/02/lc-comments-tracker/42458/WD-xmldsig-xpath-20110421/2489
fjh: response about xpath profile; XML Core is looking at response from Pratik
fjh: discussion of 2.0 transform model
<fjh> Call for Consensus to publish FPWD sent:
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0036.html
<fjh> Summary of rationale for approaches, http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0037.html (Frederick)
<fjh> proposed RESOLUTION: publish FPWD of "XML Encryption 1.1 CipherReference Processing using 2.0 Transforms" based on draft found at http://www.w3.org/2008/xmlsec/Drafts/xmlenc-transforms20/Overview.html
fjh: had discussed various possibilities of how to do FPWD
... suggest putting material out for review,
... should make review easier
... decide on calling it 2.0 later
... good reasons either way
... strong opinions?
pratik: so we're keeping the documents separate?
fjh: still have 1.1, so can't finesse the issue (?)
pratik: ok, agree with publishing FPWD
RESOLUTION: publish FPWD of "XML Encryption 1.1 CipherReference Processing using 2.0 Transforms" based on draft found at
<fjh> ACTION: fjh to prepare XML Enc 2.0 transforms for publication [recorded in http://www.w3.org/2011/06/28-xmlsec-minutes.html#action01]
<trackbot> Created ACTION-812 - Prepare XML Enc 2.0 transforms for publication [on Frederick Hirsch - due 2011-07-05].
<fjh> XML Encryption Recommendation (2002) Errata
<fjh> proposal, http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0047.html
fjh: minor item for XML Enc
<scribe> ACTION: thomas to update errata for XML Enc 1.1 with http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0047.html [recorded in http://www.w3.org/2011/06/28-xmlsec-minutes.html#action02]
<trackbot> Created ACTION-813 - Update errata for XML Enc 1.1 with http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0047.html [on Thomas Roessler - due 2011-07-05].
ACTION-813: not 1.1, but 1.0
<trackbot> ACTION-813 Update errata for XML Enc 1.1 with http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0047.html notes added
<fjh> XML Encryption 1.1 correction (CR draft) namespaces
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0017.html
<fjh> editorial correction
<scribe> ACTION: magnus to make namespace ("&xenc;") related edits in XML Encryption 1.1 [recorded in http://www.w3.org/2011/06/28-xmlsec-minutes.html#action03]
<trackbot> Created ACTION-814 - Make namespace ("&xenc;") related edits in XML Encryption 1.1 [on Magnus Nystrom - due 2011-07-05].
ACTION-814: see http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0017.html
<trackbot> ACTION-814 Make namespace ("&xenc;") related edits in XML Encryption 1.1 notes added
cynthia: haven't yet done the promised wiki update
<fjh> ACTION-699?
<trackbot> ACTION-699 -- Cynthia Martin to update interop wiki with suite B organization -- due 2010-11-08 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/699
<fjh> ACTION-779: Gerald Edgar to Review test cases for 1.1 and summarize which are missing
<trackbot> ACTION-779 Review test cases for 1.1 and summarize which are missing notes added
<fjh> ACTION-793: Gerald Edgar to Review 1.1 interop to determine which gaps we have in 1.1 testing itself
<trackbot> ACTION-793 Review 1.1 interop to determine which gaps we have in 1.1 testing itself notes added
<fjh> Update to C14N 2.0 test cases
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0043.html
fjh: pratik... 2.0 test cases?
pratik: put in C14N 1.0 test cases and all that
... working on prefixes in xpath
... 1.0 test cases normative?
tlr: that'd be news
pratik: examples section in 1.1
<pdatta> http://www.w3.org/TR/xml-c14n11/ Section 3
<fjh> please review test cases document
<pdatta> http://www.w3.org/2008/xmlsec/Drafts/c14n-20/test-cases/
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0054.html
fjh: marcos' comment, received in CR
... suggests adding note to Signature spec to practice regarding order of certs
tlr: wait - this is about widget signatures? why can't it be handled in the profile?
<fjh> marcos suggesting best practice, scott notes this might need to be in best practices document
scott: lots of people like to assume ordering
tlr: so, best practice + addition to their profile?
<fjh> proposed response - not to update signature core spec as it does not specify such details, consider adding note to our best practices doc, widget signature can as a profile add normative requirements or provide further advice
<fjh> ACTION: fjh to respond to marcos re cert order [recorded in http://www.w3.org/2011/06/28-xmlsec-minutes.html#action04]
<trackbot> Created ACTION-815 - Respond to marcos re cert order [on Frederick Hirsch - due 2011-07-05].
<fjh> No progress, fjh to send follow up msg, include gerald
<fjh> Discussion of possible issues related to XML Encryption and whether a 2.0 will be desired.
<fjh> Reminder that section 6.6, "Error Messages" provides useful advice
<fjh> Implementations should not provide detailed error responses related to security algorithm processing. Error messages should be limited to a generic error message to avoid providing information to a potential attacker related to the specifics of the algorithm implementation. For example, if an error occurs in decryption processing the error response should be a generic message providing no specifics on the details of the processing error.
<fjh> question - should GCM be mandatory to implement in XML Encryption 1.1 (currently optional).
<fjh> optional AES128-GCM
<fjh> http://www.w3.org/2009/xmlenc11#aes128-gcm
<fjh> For 2.0 if we have it, consider separation of algorithms into a separate document
<fjh> tlr to share summary of today's discussion off-list