W3C

XML Security Working Group Teleconference

28 Jun 2011

Agenda

See also: IRC log

Attendees

Present
Bruce_Rich, Cynthia_Martin, Frederick_Hirsch, Gerald_Edgar, Magnus_Nystrom, Pratik_Datta, Scott_Cantor, Thomas_Roessler
Regrets
Meiko_Jensen, Shivaram_Mysore
Chair
Frederick_Hirsch
Scribe
tlr

<trackbot> Date: 28 June 2011

<scribe> Scribe: tlr

agenda bashing

fjh: add item to discuss Marcos note about certificate ordering in 1.1 and item re possible additional XML Encryption discussion

minutes approval

<fjh> Approve minutes, 14 June 2011

<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/att-0038/minutes-2011-06-14.html

RESOLUTION: 14 June minutes approved

charter extension

tlr: done, http://www.w3.org/2008/02/xmlsec-charter.html

2.0 last call comments

<fjh> C14N2 LC-2484 and LC-2486 closed, drafts updated

fjh: two last call comments taken care of

<fjh> XML Signature, LC-2487 (example correction)

<fjh> http://www.w3.org/2006/02/lc-comments-tracker/42458/WD-xmldsig-core2-20110421/2487

<fjh> LC-2488, XML Signature comments from XML Core

<fjh> http://www.w3.org/2006/02/lc-comments-tracker/42458/WD-xmldsig-core2-20110421/2488

fjh: pratik, review of XML Core comments?

pratik: not yet

<fjh> LC-2489 comments on XPath Profile

<fjh> http://www.w3.org/2006/02/lc-comments-tracker/42458/WD-xmldsig-xpath-20110421/2489

fjh: response about xpath profile; XML Core is looking at response from Pratik

xml encryption and 2.0 transforms

fjh: discussion of 2.0 transform model

<fjh> Call for Consensus to publish FPWD sent:

<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0036.html

<fjh> Summary of rationale for approaches, http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0037.html (Frederick)

<fjh> proposed RESOLUTION: publish FPWD of "XML Encryption 1.1 CipherReference Processing using 2.0 Transforms" based on draft found at http://www.w3.org/2008/xmlsec/Drafts/xmlenc-transforms20/Overview.html

fjh: had discussed various possibilities of how to do FPWD
... suggest putting material out for review,
... should make review easier
... decide on calling it 2.0 later
... good reasons either way
... strong opinions?

pratik: so we're keeping the documents separate?

fjh: still have 1.1, so can't finesse the issue (?)

pratik: ok, agree with publishing FPWD

RESOLUTION: publish FPWD of "XML Encryption 1.1 CipherReference Processing using 2.0 Transforms" based on draft found at

<fjh> ACTION: fjh to prepare XML Enc 2.0 transforms for publication [recorded in http://www.w3.org/2011/06/28-xmlsec-minutes.html#action01]

<trackbot> Created ACTION-812 - Prepare XML Enc 2.0 transforms for publication [on Frederick Hirsch - due 2011-07-05].

XML Encryption 1.0 Errata

<fjh> XML Encryption Recommendation (2002) Errata

<fjh> proposal, http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0047.html

fjh: minor item for XML Enc

<scribe> ACTION: thomas to update errata for XML Enc 1.1 with http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0047.html [recorded in http://www.w3.org/2011/06/28-xmlsec-minutes.html#action02]

<trackbot> Created ACTION-813 - Update errata for XML Enc 1.1 with http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0047.html [on Thomas Roessler - due 2011-07-05].

ACTION-813: not 1.1, but 1.0

<trackbot> ACTION-813 Update errata for XML Enc 1.1 with http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0047.html notes added

XML Encryption 1.1 editorial update

<fjh> XML Encryption 1.1 correction (CR draft) namespaces

<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0017.html

<fjh> editorial correction

<scribe> ACTION: magnus to make namespace ("&xenc;") related edits in XML Encryption 1.1 [recorded in http://www.w3.org/2011/06/28-xmlsec-minutes.html#action03]

<trackbot> Created ACTION-814 - Make namespace ("&xenc;") related edits in XML Encryption 1.1 [on Magnus Nystrom - due 2011-07-05].

ACTION-814: see http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0017.html

<trackbot> ACTION-814 Make namespace ("&xenc;") related edits in XML Encryption 1.1 notes added

testing and interop

cynthia: haven't yet done the promised wiki update

<fjh> ACTION-699?

<trackbot> ACTION-699 -- Cynthia Martin to update interop wiki with suite B organization -- due 2010-11-08 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/699

<fjh> ACTION-779: Gerald Edgar to Review test cases for 1.1 and summarize which are missing

<trackbot> ACTION-779 Review test cases for 1.1 and summarize which are missing notes added

<fjh> ACTION-793: Gerald Edgar to Review 1.1 interop to determine which gaps we have in 1.1 testing itself

<trackbot> ACTION-793 Review 1.1 interop to determine which gaps we have in 1.1 testing itself notes added

<fjh> Update to C14N 2.0 test cases

<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0043.html

fjh: pratik... 2.0 test cases?

pratik: put in C14N 1.0 test cases and all that
... working on prefixes in xpath
... 1.0 test cases normative?

tlr: that'd be news

pratik: examples section in 1.1

<pdatta> http://www.w3.org/TR/xml-c14n11/ Section 3

<fjh> please review test cases document

<pdatta> http://www.w3.org/2008/xmlsec/Drafts/c14n-20/test-cases/

XML Signature Cert Order

<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0054.html

fjh: marcos' comment, received in CR
... suggests adding note to Signature spec to practice regarding order of certs

tlr: wait - this is about widget signatures? why can't it be handled in the profile?

<fjh> marcos suggesting best practice, scott notes this might need to be in best practices document

scott: lots of people like to assume ordering

tlr: so, best practice + addition to their profile?

<fjh> proposed response - not to update signature core spec as it does not specify such details, consider adding note to our best practices doc, widget signature can as a profile add normative requirements or provide further advice

<fjh> ACTION: fjh to respond to marcos re cert order [recorded in http://www.w3.org/2011/06/28-xmlsec-minutes.html#action04]

<trackbot> Created ACTION-815 - Respond to marcos re cert order [on Frederick Hirsch - due 2011-07-05].

Interop

<fjh> No progress, fjh to send follow up msg, include gerald

Other Business

<fjh> Discussion of possible issues related to XML Encryption and whether a 2.0 will be desired.

<fjh> Reminder that section 6.6, "Error Messages" provides useful advice

<fjh> Implementations should not provide detailed error responses related to security algorithm processing. Error messages should be limited to a generic error message to avoid providing information to a potential attacker related to the specifics of the algorithm implementation. For example, if an error occurs in decryption processing the error response should be a generic message providing no specifics on the details of the processing error.

<fjh> question - should GCM be mandatory to implement in XML Encryption 1.1 (currently optional).

<fjh> optional AES128-GCM

<fjh> http://www.w3.org/2009/xmlenc11#aes128-gcm

<fjh> For 2.0 if we have it, consider separation of algorithms into a separate document

<fjh> tlr to share summary of today's discussion off-list

Adjourn

Summary of Action Items

[NEW] ACTION: fjh to prepare XML Enc 2.0 transforms for publication [recorded in http://www.w3.org/2011/06/28-xmlsec-minutes.html#action01]
[NEW] ACTION: fjh to respond to marcos re cert order [recorded in http://www.w3.org/2011/06/28-xmlsec-minutes.html#action04]
[NEW] ACTION: magnus to make namespace ("&xenc;") related edits in XML Encryption 1.1 [recorded in http://www.w3.org/2011/06/28-xmlsec-minutes.html#action03]
[NEW] ACTION: thomas to update errata for XML Enc 1.1 with http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0047.html [recorded in http://www.w3.org/2011/06/28-xmlsec-minutes.html#action02]
[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.135 (CVS log)
$Date: 2009-03-02 03:52:20 $