Agenda - Distributed Meeting 8 November 2011

Agenda: W3C XML Security WG Distributed Meeting, 8 November 2011

Logistics details and links to information at the bottom of this email.

1) Administrivia: Scribe confirmation, Agenda review, Liaisons, Announcements.

Added the 1.1 and 2.0 test case editors' drafts to the XML Security WG publications wiki, see http://www.w3.org/2008/xmlsec/wiki/PublicationStatus#Publications

No call 22 November.

proposed RESOLUTION: Cancel teleconference on 15 November 2011.

2) Minutes Approval

Approve minutes, 18 October 2011

http://lists.w3.org/Archives/Public/public-xmlsec/2011Nov/att-0002/minutes-2011-10-18.html

Proposed RESOLUTION: Minutes from 18 October 2011 are approved.

(Note encoding should be UTF-8 on this file)

3) CBC Attack

Paper describing the CBC attack on XML Encryption is available at http://www.nds.rub.de/research/publications/breaking-xml-encryption/

Blog post, http://www.w3.org/QA/2011/10/some_notes_on_the_recent_xml_e.html

Potential means to mitigate attack, http://lists.w3.org/Archives/Public/public-xmlsec/2011Nov/0000.html

Make GCM mandatory in 1.1? proposal: http://lists.w3.org/Archives/Member/member-xmlsec/2011Oct/0000.html

4) XML Encryption 1.1 test cases and interop

http://lists.w3.org/Archives/Public/public-xmlsec/2011Oct/0018.html (Pratik)

5) XML Security 2.0

Next steps?

6) Open Action and Issue review

6a) Open Actions

ACTION-238: Thomas Roessler to Update the proposal associated with ACTION-222 and send to list.

ACTION-717: Pratik Datta to Document the Performance improvements with 2.0

ACTION-840: Pratik Datta to Update XML Signature 1.1 and 2.0 with change in http://lists.w3.org/Archives/Public/public-xmlsec/2011Oct/0006.html

ACTION-841: Pratik Datta to Add link to canonical XML 2.0 samples into the spec

ACTION-847: Pratik Datta to Propose update to 2.0 algorithm requirements to encourage authenticating mode

ACTION-848: Bruce Rich to Contact OASIS ebXML community regarding large data issue and GCM

ACTION-850: Hal Lockhart to Review XML Encryption 1.1 security considerations and propose changes in light of today's discussion

ACTION-851: Pratik Datta to Propose text regarding KeyLength and PBKDF2, assuming we do not change the schema

ACTION-853: Frederick Hirsch to Add new security issue later this week

6b) Close Pending actions

These will be closed after the meeting unless a concern is raised before or during the meeting. Please review in advance of the meeting.

ACTION-849: Frederick Hirsch to Contact Microsoft re GCM and WS-Policy

ACTION-852: Frederick Hirsch to C14n2 and enc 1.1 test cases to publication list

6c) Issue review

http://www.w3.org/2008/xmlsec/track/issues/open

[OPEN] ISSUE-229 : Mask generation function for RSA-OAEP as defined in 5.5.2 of XML Encryption 1.1 appears to be limited to MGF1 with SHA1 
/2008/xmlsec/track/issues/229 

[OPEN] ISSUE-227 : CR of XML Encryption 1.1 requires update to namespace refs, http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0017.html 
/2008/xmlsec/track/issues/227 

[OPEN] ISSUE-91 : ECC can't be REQUIRED ; on [XML Security - General] 
/2008/xmlsec/track/issues/91 

[OPEN] ISSUE-122 : Explain performance improvements and rationale, relationship to earlier work, document, benchmarks ; on [XML Signature 2.0]
/2008/xmlsec/track/issues/122 

7) Other Business

8) Adjourn

Scribing list
----------------
Magnus Nystrom, Microsoft (7 Sept 2010, 27 April, 2010)
Brian LaMacchia, Microsoft (19 October 2010, 25 May 2010)
Pratik Datta, Oracle (4 January 2010, 27 July 2010)
Scott Cantor, invited expert (8 February 2011, 19 October 2010)
Meiko Jensen (15 Feb 2011, 2 November 2010 F2F)
Gerald Edgar, Boeing (24 May 2011, 12 April 2011, 18 January 2011)
Ed Simon, Invited Expert (7 June 2011, 8 March 2011)
Cynthia Martin, MITRE (7 June 2011, 29 March 2011)
Thomas Roessler (28 June 2011, 18 January 2011)
Chris Solc, Adobe (2 August 2011, 25 January 2011)
Shivaram Mysore, Invited Expert (6 September 2011, 19 April 2011)
Hal Lockhart, Oracle (13 September 2011, 9 August 2011)
Bruce Rich, IBM (18 October 2011, 1 March 2011)

Logistics Info:

10-12:00 am Eastern Time
Information on meeting times in various time zones:
http://www.w3.org/2008/xmlsec/Group/Overview.html#phone

Zakim Bridge:
+1.617.761.6200 conference code 965732# ('XMLSEC')

IRC Chat: irc.w3.org (port 6665), #xmlsec

Web-based IRC (member-only): <http://irc.w3.org/?channels=xmlsec>

Please note that attendance of XMLSEC WG teleconferences is restricted to registered WG participants and persons invited by the chair.

Scribe Instructions: <http://www.w3.org/2007/xmlsec/Group/Scribe-Instructions.html>

Liaison information: <http://www.w3.org/2008/xmlsec/Group/Overview.html#coordination>

Publication Status available at <http://www.w3.org/2008/xmlsec/wiki/PublicationStatus>

Roadmap at <http://www.w3.org/2008/xmlsec/wiki/Roadmap>
---

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG

Received on Monday, 7 November 2011 20:57:27 UTC