W3C

XML Security Working Group Teleconference

29 Nov 2011

Agenda

See also: IRC log

Attendees

Present: Frederick_Hirsch, Scott_Cantor, Gerald_Edgar, Hal_Lockhart, Ed_Simon, Bruce_Rich, Chris_Solc, Pratik_Datta
Regrets: Thomas_Roessler, Brian_LaMacchia
Chair: Frederick_Hirsch
Scribe: fjh

<trackbot> Date: 29 November 2011

<scribe> ScribeNick: fjh

Administrative

Next call is 13 Dec

Minutes Approval

Approve minutes, 8 November 2011

http://lists.w3.org/Archives/Public/public-xmlsec/2011Nov/att-0005/minutes-2011-11-08.html

RESOLUTION: Minutes from 8 November 2011 are approved.

XML Encryption 1.1

Changed AES128-GCM from Optional to REQUIRED, left AES-192-GCM as Optional, added warning, paper reference, new security consideration

* http://lists.w3.org/Archives/Public/public-xmlsec/2011Nov/0006.html (Frederick)

* Correction to URL for new rsa-oaep algorithm, see http://lists.w3.org/Archives/Public/public-xmlsec/2011Nov/0008.html

* Added algorithm to Security Algorithm Cross-Reference, http://lists.w3.org/Archives/Public/public-xmlsec/2011Nov/0009.html

ECC added to OpenSSL, http://www.imperialviolet.org/2011/11/22/forwardsecret.html (Hal)

scantor: possible issue of companies choosing to ship

hal: RC4 might be an issue in that implementation?

scantor: Red Hat 6 does not support ECC, will be around some time

Pratik sent suggested mitigations to Juraj, http://lists.w3.org/Archives/Public/public-xmlsec/2011Nov/0012.html

response from Juraj, http://lists.w3.org/Archives/Public/public-xmlsec/2011Nov/0013.html

hal: rough summary, such countermeasures are broken
... note last sentence regarding WS-Policy, does this mean implementations don't necessarily enforce WS-Policy
... extra encryption can open new attacks, which can be counterintuitive; another issue is that signature verification, decryption then authorization check order means that decryption can happen even when not authorized, since check happens too late

pdatta: need authentication tag otherwise all encryption modes are broken

hal: creating low level primitives for apps to use may be risky approach in general?

scantor: for SAML any reason not to take approach of signing over encryption?

hal: no, that seems still good

Test cases and interop

http://lists.w3.org/Archives/Public/public-xmlsec/2011Oct/0018.html

pdatta: working on interop related to encryption, could use help to create common set of use cases

brich: considering resourcing, no other steps at this point

pdatta: can bruce and brian and others please review possible scenarios for interop, to help reduce the number of possible combinations

XML Security 2.0

The 2.0 specs have been stable and have completed Last Call in May, all comments have been resolved (need to confirm)

proposed RESOLUTION: Publish CR drafts of Canonical XML 2.0, XML Signature 2.0 and Streaming Profile of XPath 1.0 this month

<scribe> ACTION: fjh to send CfC for resolution to Publish CR drafts of Canonical XML 2.0, XML Signature 2.0 and Streaming Profile of XPath 1.0 this month [recorded in http://www.w3.org/2011/11/29-xmlsec-minutes.html#action01]

<trackbot> Created ACTION-858 - Send CfC for resolution to Publish CR drafts of Canonical XML 2.0, XML Signature 2.0 and Streaming Profile of XPath 1.0 this month [on Frederick Hirsch - due 2011-12-06].

general sense on the call is to advance 2.0 to CR

<scribe> ACTION: fjh to send CfC to move XML Encryption 1.1 CipherReference Processing using 2.0 Transforms to LC [recorded in http://www.w3.org/2011/11/29-xmlsec-minutes.html#action02]

<trackbot> Created ACTION-859 - Send CfC to move XML Encryption 1.1 CipherReference Processing using 2.0 Transforms to LC [on Frederick Hirsch - due 2011-12-06].

Both CfC run from now until 9 December

Action Items

ACTION-238?

<trackbot> ACTION-238 -- Thomas Roessler to update the proposal associated with ACTION-222 and send to list. -- due 2011-09-30 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/238

ACTION-717?

<trackbot> ACTION-717 -- Pratik Datta to document the Performance improvements with 2.0 -- due 2010-11-09 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/717

defer to later

ACTION-841?

<trackbot> ACTION-841 -- Pratik Datta to add link to canonical XML 2.0 samples into the spec -- due 2011-10-11 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/841

<scribe> in progress

<scribe> ACTION: fjh to review ACTION-841 [recorded in http://www.w3.org/2011/11/29-xmlsec-minutes.html#action03]

<trackbot> Created ACTION-860 - Review ACTION-841 [on Frederick Hirsch - due 2011-12-06].

ACTION-847?

<trackbot> ACTION-847 -- Pratik Datta to propose update to 2.0 algorithm requirements to encourage authenticating mode -- due 2011-10-18 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/847

<pdatta> need to create a link from the canonical xml 2.0 document to the canonical xml 2.0 testcases document

close ACTION-841

<trackbot> ACTION-841 Add link to canonical XML 2.0 samples into the spec closed

reopen ACTION-841

<trackbot> ACTION-841 Add link to canonical XML 2.0 samples into the spec re-opened

close ACTION-860

<trackbot> ACTION-860 Review ACTION-841 closed

pdatta: 2.0 does not include encryption

fjh: right, we should close this action

close ACTION-847

<trackbot> ACTION-847 Propose update to 2.0 algorithm requirements to encourage authenticating mode closed

ACTION-848?

<trackbot> ACTION-848 -- Bruce Rich to contact OASIS ebXML community regarding large data issue and GCM -- due 2011-10-25 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/848

brich: have discussed internally, in progress, will talk to TC chair

ACTION-850?

<trackbot> ACTION-850 -- Hal Lockhart to review XML Encryption 1.1 security considerations and propose changes in light of today's discussion -- due 2011-10-25 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/850

ACTION-851?

<trackbot> ACTION-851 -- Pratik Datta to propose text regarding KeyLength and PBKDF2, assuming we do not change the schema -- due 2011-10-25 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/851

pdatta: need to add text, in progress

ACTION-856?

<trackbot> ACTION-856 -- Brian LaMacchia to discuss with magnus possible encryption algorithms suitable for streaming -- due 2011-11-15 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/856

ACTION-857?

<trackbot> ACTION-857 -- Pratik Datta to ask regarding risk of use of GCM without checking tag during processing -- due 2011-11-15 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/857

answered in http://lists.w3.org/Archives/Public/public-xmlsec/2011Nov/0013.html

ACTION-857 answered in http://lists.w3.org/Archives/Public/public-xmlsec/2011Nov/0013.html

close ACTION-857

<trackbot> ACTION-857 Ask regarding risk of use of GCM without checking tag during processing closed

close ACTION-854

<trackbot> ACTION-854 Talk with thomas about encouraging implementation support for AES-GCM in existing algorithms closed

close ACTION-855

<trackbot> ACTION-855 Update XML Encryption 1.1 draft for AES-GCM mandatory to implement closed

Issues

ISSUE-230?

<trackbot> ISSUE-230 -- CBC attack on XML Encryption, http://www.nds.rub.de/research/publications/breaking-xml-encryption/ -- open

<trackbot> http://www.w3.org/2008/xmlsec/track/issues/230

changed algorithm requirements, so that should close issue

<scribe> ACTION: fjh to send message re closing ISSUE-230 [recorded in http://www.w3.org/2011/11/29-xmlsec-minutes.html#action04]

<trackbot> Created ACTION-861 - Send message re closing ISSUE-230 [on Frederick Hirsch - due 2011-12-06].

ISSUE-229?

<trackbot> ISSUE-229 -- Mask generation function for RSA-OAEP as defined in 5.5.2 of XML Encryption 1.1 appears to be limited to MGF1 with SHA1 -- open

<trackbot> http://www.w3.org/2008/xmlsec/track/issues/229

ISSUE-229: added algorithm to address this, rsa-oaep

<trackbot> ISSUE-229 Mask generation function for RSA-OAEP as defined in 5.5.2 of XML Encryption 1.1 appears to be limited to MGF1 with SHA1 notes added

close ISSUE-229

<trackbot> ISSUE-229 Mask generation function for RSA-OAEP as defined in 5.5.2 of XML Encryption 1.1 appears to be limited to MGF1 with SHA1 closed

ISSUE-227?

<trackbot> ISSUE-227 -- CR of XML Encryption 1.1 requires update to namespace refs, http://lists.w3.org/Archives/Public/public-xmlsec/2011Jun/0017.html -- open

<trackbot> http://www.w3.org/2008/xmlsec/track/issues/227

ISSUE-122?

<trackbot> ISSUE-122 -- Explain performance improvements and rationale, relationship to earlier work, document, benchmarks -- open

<trackbot> http://www.w3.org/2008/xmlsec/track/issues/122

ISSUE-91?

<trackbot> ISSUE-91 -- ECC can't be REQUIRED -- open

<trackbot> http://www.w3.org/2008/xmlsec/track/issues/91

AOB

none

Adjourn

Summary of Action Items

[NEW] ACTION: fjh to review ACTION-841 [recorded in http://www.w3.org/2011/11/29-xmlsec-minutes.html#action03]
[NEW] ACTION: fjh to send CfC for resolution to Publish CR drafts of Canonical XML 2.0, XML Signature 2.0 and Streaming Profile of XPath 1.0 this month [recorded in http://www.w3.org/2011/11/29-xmlsec-minutes.html#action01]
[NEW] ACTION: fjh to send CfC to move XML Encryption 1.1 CipherReference Processing using 2.0 Transforms to LC [recorded in http://www.w3.org/2011/11/29-xmlsec-minutes.html#action02]
[NEW] ACTION: fjh to send message re closing ISSUE-230 [recorded in http://www.w3.org/2011/11/29-xmlsec-minutes.html#action04]
 
[End of minutes]
