CfC: close ISSUE-230, CBC Attack on XML Encryption from Frederick.Hirsch@nokia.com on 2011-11-30 (public-xmlsec@w3.org from November 2011)

From: <Frederick.Hirsch@nokia.com>
Date: Wed, 30 Nov 2011 17:22:23 +0000
To: <public-xmlsec@w3.org>
CC: <Frederick.Hirsch@nokia.com>
Message-ID: <D8EB1FFB-580E-4FE1-A56C-4E8AFCCF3016@nokia.com>

This is a Call for Consensus (CfC) to close ISSUE-230 as resolved.

ISSUE-230, http://www.w3.org/2008/xmlsec/track/issues/230 :

"CBC attack on XML Encryption, http://www.nds.rub.de/research/publications/breaking-xml-encryption/  "

To address the CBC attack on XML Encryption, we changed AES128-GCM from Optional to REQUIRED in XML Encryption 1.1 as well as adding warning notes and security consideration text.

If you disagree with closing this issue as resolved with this change to XML Encryption 1.1, please note so on the public list. If you agree with closing the issue, please respond indicating support to close the issue. No response will be interpreted as agreement.

Please respond by Friday, 9 December.  Hearing no objection, the issue will be closed after that date.

Thanks

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG

For tracker, this should complete ACTION-861

Received on Wednesday, 30 November 2011 17:23:52 UTC