- From: <Frederick.Hirsch@nokia.com>
- Date: Mon, 28 Nov 2011 19:51:35 +0000
- To: <public-xmlsec@w3.org>
- CC: <Frederick.Hirsch@nokia.com>
- Message-ID: <64DBE642-EE27-4D45-9103-EB0A939D350E@nokia.com>
Agenda: W3C XML Security WG Distributed Meeting 28 November 2011 Distributed Meeting Logistics details and links to information at the bottom of this email. 1) Administrivia: Scribe confirmation, Agenda review, Liaisons, Announcements. PAG update 2) Minutes Approval Approve minutes, 8 November 2011 http://lists.w3.org/Archives/Public/public-xmlsec/2011Nov/att-0005/minutes-2011-11-08.html Proposed RESOLUTION: Minutes from 8 November 2011 are approved. 3) XML Encryption 1.1 Editors Draft updated Updated XML Encryption 1.1 editors draft * Changed AES128-GCM from Optional to REQUIRED, left AES-192-GCM as Optional, added warning, paper reference, new security consideration * http://lists.w3.org/Archives/Public/public-xmlsec/2011Nov/0006.html (Frederick) * Correction to URL for new rsa-oaep algorithm, see http://lists.w3.org/Archives/Public/public-xmlsec/2011Nov/0008.html * Added algorithm to Security Algorithm Cross-Reference, http://lists.w3.org/Archives/Public/public-xmlsec/2011Nov/0009.html 4) XML Encryption 1.1 test cases and interop http://lists.w3.org/Archives/Public/public-xmlsec/2011Oct/0018.html (Pratik) 5) XML Security 2.0 Next steps? 6) Open Action and Issue review 6a) Open Actions ACTION-238: Thomas Roessler to Update the proposal associated with ACTION-222 and send to list. ACTION-717: Pratik Datta to Document the Performance improvements with 2.0 ACTION-841: Pratik Datta to Add link to canonical XML 2.0 samples into the spec ACTION-847: Pratik Datta to Propose update to 2.0 algorithm requirements to encourage authenticating mode ACTION-848: Bruce Rich to Contact OASIS ebXML community regarding large data issue and GCM ACTION-850: Hal Lockhart to Review XML Encryption 1.1 security considerations and propose changes in light of today's discussion ACTION-851: Pratik Datta to Propose text regarding KeyLength and PBKDF2, assuming we do not change the schemna ACTION-856: Brian LaMacchia to Discuss with magnus possible encryption algorithms suitable for streaming ACTION-857: Pratik Datta to Ask regarding risk of use of GCM without checking tag during processing 6b) Close Pending actions These will be closed after the meeting unless concern raised before or during meeting. Please review in advance of meeting. ACTION-854: Frederick Hirsch to Talk with thomas about encouraging implementation support for AES-GCM in existing algorithms ACTION-855: Frederick Hirsch to Update XML Encryption 1.1 draft for AES-GCM mandatory to implement 6c) Issue review http://www.w3.org/2008/xmlsec/track/issues/open [OPEN] ISSUE-230 : CBC attack on XML Encryption, http://www.nds.rub.de/research/publications/breaking-xml-encryption/ /2008/xmlsec/track/issues/230<http://services.w3.org/2008/xmlsec/track/issues/230> [OPEN] ISSUE-229 : Mask generation function for RSA-OAEP as defined in 5.5.2 of XML Encryption 1.1 appears to be limited to MGF1 with SHA1 /2008/xmlsec/track/issues/229<http://services.w3.org/2008/xmlsec/track/issues/229> [OPEN] ISSUE-227 : CR of XML Encryption 1.1 requires update to namespace refs, http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0017.html /2008/xmlsec/track/issues/227<http://services.w3.org/2008/xmlsec/track/issues/227> [OPEN] ISSUE-122 : Explain peformance improvements and rationale, relationship to earlier work, document, benchmarks ; on [XML Signature 2.0] /2008/xmlsec/track/issues/122<http://services.w3.org/2008/xmlsec/track/issues/122>[OPEN] ISSUE-91 : ECC can't be REQUIRED ; on [XML Security - General] /2008/xmlsec/track/issues/91<http://services.w3.org/2008/xmlsec/track/issues/91> 7) Other Business 8) Adjourn Scribing list ---------------- Magnus Nystrom, Microsoft (7 Sept 2010, 27 April, 2010) Brian LaMacchia, Microsoft (19 October 2010, 25 May 2010) Pratik Datta, Oracle (4 January 2010, 27 July 2010) Scott Cantor, invited expert (8 February 2011, 19 October 2010) Meiko Jensen (15 Feb 2011, 2 November 2010 F2F) Gerald Edgar, Boeing (24 May 2011, 12 April 2011, 18 January 2011) Ed Simon, Invited Expert (7 June 2011, 8 March 2011) Cynthia Martin, MITRE (7 June 2011, 29 March 2011) Thomas Roessler (28 June 2011, 18 January 2011) Chris Solc, Adobe (2 August 2011, 25 January 2011) Shivaram Mysore, Invited Expert (6 September 2011, 19 April 2011) Hal Lockhart, Oracle (13 September 2011, 9 August 2011) Bruce Rich, IBM (18 October 2011, 1 March 2011) Frederick Hirsch(8 November 2011, 11 October 2011, 4 October 2011, 27 September 2011) Logistics Info: 10-12:00 am Eastern Time Information on meeting times in various time zones: http://www.w3.org/2008/xmlsec/Group/Overview.html#phone Zakim Bridge: +1.617.761.6200 conference code 965732# ('XMLSEC') IRC Chat: irc.w3.org (port 6665), #xmlsec Web-based IRC (member-only): <http://irc.w3.org/?channels=xmlsec> Please note that attendance of XMLSEC WG teleconferences is restricted to registered WG participants and persons invited by the chair. Scribe Instructions: <http://www.w3.org/2007/xmlsec/Group/Scribe-Instructions.html Liaison information: <http://www.w3.org/2008/xmlsec/Group/Overview.html#coordination Publication Status available at <http://www.w3.org/2008/xmlsec/wiki/PublicationStatus Roadmap at <http://www.w3.org/2008/xmlsec/wiki/Roadmap> --- regards, Frederick Frederick Hirsch, Nokia Chair XML Security WG
Received on Monday, 28 November 2011 19:52:51 UTC