W3C

XML Security Working Group Teleconference

21 Aug 2012

Agenda

See also: IRC log

Attendees

Present
Frederick_Hirsch, Scott_Cantor, Gerald_Edgar, Pratik_Datta
Regrets
Chair
Frederick_Hirsch
Scribe
fjh

Contents


<trackbot> Date: 21 August 2012

<scribe> ScribeNick: fjh

Administrivia: Agenda review, Liaisons, Announcements

fjh: no announcements

Minutes Approval

Approve minutes, 14 August 2012

http://lists.w3.org/Archives/Public/public-xmlsec/2012Aug/att-0014/minutes-2012-08-14.html

RESOLUTION: Minutes from 14 August 2012 are approved.

PAG Update

WG is awaiting completed PAG report and recommendation which was to be published in August.

XML Encryption RSA v1.5

CfC out to change RSA 1.5 from Required to Optional: http://lists.w3.org/Archives/Public/public-xmlsec/2012Aug/0019.html

fjh: Concludes 28 August, please respond on list. A number of +1's so far. Please indicate support on list.

"XML Security Algorithm Cross-Reference"

fjh: Brought "XML Security Algorithm Cross-Reference" up to date, many changes. Please review.

http://lists.w3.org/Archives/Public/public-xmlsec/2012Aug/0022.html

scantor: noticed there is advice about beyond 2010, yet now we are in 2012
... suggest we re-word to talk about "legacy signatures"

fjh: it is in the spec as well, that is where it is from
... " XML Signature 1.1 implementations may but are not required to support DSA-based signature generation, and given the short key size and the SP800-57 guidelines, DSA with 1024-bit prime moduli should not be used for signatures that will be verified beyond 2010."
... in section 6.4.1 DSA

http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.src.html#sec-DSA

pdatta: in NIST spec as well

fjh: need to fix this

ISSUE: fix in XML Signature and cross-reference advice about 2010

<trackbot> Created ISSUE-233 - Fix in XML Signature and cross-reference advice about 2010 ; please complete additional details at http://www.w3.org/2008/xmlsec/track/issues/233/edit .

<scribe> ACTION: fjh to review and propose changes related to 2010 wording [recorded in http://www.w3.org/2012/08/21-xmlsec-minutes.html#action01]

<trackbot> Created ACTION-899 - Review and propose changes related to 2010 wording [on Frederick Hirsch - due 2012-08-28].

fjh: Plan to publish updated WD in conjunction with LC publications.

XML Signature 1.1 Interop

fjh: I updated the "XML Signature 1.1 Interop Test Report" to record completion of SHA-224 interop, HMAC Output Length; editorial cleanup.

http://lists.w3.org/Archives/Public/public-xmlsec/2012Aug/0017.html

Roadmap

fjh: Items planned to be removed from XML Signature 1.1 at end of August: OCSPResponse, X509Digest; DEREncodedKeyValue, KeyInfoReference

scantor: possibly second implementation on X509Digest; DEREncodedKeyValue, KeyInfoReference
... KeyInfoReference is more difficult
... but waiting until we know if two separate implementations from same author ok for these before doing the work

fjh: waiting on thomas for decision
... Items planned to be removed from XML Encryption 1.1 at end of August: AES-128/192/256-pad Symmetric Key Wrap, Key Agreement (ECDH, DH)
... Magnus may be able to provide test vectors and test for Key Agreement (ECDH, DH)

pdatta: Oracle has this for key agreement

<scribe> ACTION: pdatta to contact Magnus regarding key agreement test cases and interop [recorded in http://www.w3.org/2012/08/21-xmlsec-minutes.html#action02]

<trackbot> Created ACTION-900 - Contact Magnus regarding key agreement test cases and interop [on Pratik Datta - due 2012-08-28].

fjh: looking at xmlsec open library to see if that is an alternative path

scantor: will look to see if I can have an alternative author for the Java code we work with

fjh: Formatting issue for schema/examples in XML Signature 1.1 introduced with ReSpec v3 change
... hesitant to make this update to ReSpec but needed to for bibliography maintenance
... I am following up with Robin Berjon regarding ReSpec schema formatting issue, think it might be sh_xml issue.
... but we seem to have time before next publication

Actions

ACTION-238?

<trackbot> ACTION-238 -- Thomas Roessler to draft proposal to add identifiers for ECDSA-RIPEMD, RSA-WHIRLPOOL, ECDSA-WHIRLPOOL to XML Security Algorithms Cross-Reference (follow up to ACTION-222) -- due 2012-09-30 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/238

ACTION-717?

<trackbot> ACTION-717 -- Pratik Datta to document the Performance improvements with 2.0 -- due 2010-11-09 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/717

ACTION-883?

<trackbot> ACTION-883 -- Frederick Hirsch to review C14N 20 test cases document -- due 2012-04-10 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/883

ACTION-892?

<trackbot> ACTION-892 -- Pratik Datta to check on adding KeyInfoReference -- due 2012-07-31 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/892

pdatta: might be able to do this

scantor: using SAML code for this
... could have a test for it, but it isn't specific for XML Signature
... hard to make stand-alone RetrievalMethod test
... if you have existing same document RetrievalMethod, you could generate and I could test it, possibly with Santorio code
... will check with Brent regarding current retrievalmethod code, whether we can do something
... will follow up with Pratik

pdatta: will also check this, see if we can add this, as we already have RetrievalMethod, should be able to do this

ACTION-897?

<trackbot> ACTION-897 -- Thomas Roessler to confirm whether two implementations from one author are ok for DEREncodedKeyValue and KeyInfoReference specifically -- due 2012-08-21 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/897

Pending Actions

ACTION-890?

<trackbot> ACTION-890 -- Thomas Roessler to check with team whether CR draft can have features marked as at risk during CR without an additional LC cycle -- due 2012-07-31 -- PENDINGREVIEW

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/890

ACTION-890 closed

<trackbot> ACTION-890 Check with team whether CR draft can have features marked as at risk during CR without an additional LC cycle closed

ACTION-891?

<trackbot> ACTION-891 -- Pratik Datta to put SHA-224 test cases and results for interop into CVS -- due 2012-07-31 -- PENDINGREVIEW

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/891

ACTION-891 closed

<trackbot> ACTION-891 Put SHA-224 test cases and results for interop into CVS closed

ACTION-893?

<trackbot> ACTION-893 -- Magnus Nystrom to check on AES-128-GCM interop test -- due 2012-07-31 -- PENDINGREVIEW

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/893

ACTION-893 closed

<trackbot> ACTION-893 Check on AES-128-GCM interop test closed

ACTION-894?

<trackbot> ACTION-894 -- Thomas Roessler to discuss with team and director process issues about Signature 1.1/Encryption 1.1 to rec with some optional URIs for algorithms that do not have 2 implementations -- due 2012-08-31 -- PENDINGREVIEW

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/894

ACTION-894 closed

<trackbot> ACTION-894 Discuss with team and director process issues about Signature 1.1/Encryption 1.1 to rec with some optional URIs for algorithms that do not have 2 implementations closed

ACTION-895?

<trackbot> ACTION-895 -- Frederick Hirsch to send CfC to list to close out interop on RSA-OAEP key transport as we have it for one MGF function, question is that enough -- due 2012-07-31 -- PENDINGREVIEW

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/895

ACTION-895 closed

<trackbot> ACTION-895 Send CfC to list to close out interop on RSA-OAEP key transport as we have it for one MGF function, question is that enough closed

ACTION-896?

<trackbot> ACTION-896 -- Frederick Hirsch to share AES-128-GCM on list and add to the test cases document -- due 2012-08-21 -- PENDINGREVIEW

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/896

ACTION-896 closed

<trackbot> ACTION-896 Share AES-128-GCM on list and add to the test cases document closed

ACTION-898?

<trackbot> ACTION-898 -- Frederick Hirsch to draft proposal and CfC on list to change algorithm requirement for RSA v1.5 -- due 2012-08-21 -- PENDINGREVIEW

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/898

ACTION-898 closed

<trackbot> ACTION-898 Draft proposal and CfC on list to change algorithm requirement for RSA v1.5 closed

Next steps

fjh: Scott will check whether he can resource an additional implementer (Brent) to complete implementation and interop of XML Signature 1.1 X509Digest; DEREncodedKeyValue, KeyInfoReference, to eliminate issue of same author and to obtain two implementations for these
... Pratik will look into KeyInfoReference implementation and interop with Scott of this
... Pratik will contact Magnus regarding XML Encryption 1.1 Key Agreement test cases and interop, he already has the test cases but needs to complete interop
... Frederick to make proposal on list to fix wording regarding 2010 for XML Signature 1.1 section 6.4.1 DSA and algorithms cross reference
... Frederick to follow up to fix formatting of schema/code due to ReSpec update

<scribe> ACTION: fjh to send message to list regarding OCSPResponse and AES-128/192/256-pad Symmetric Key Wrap [recorded in http://www.w3.org/2012/08/21-xmlsec-minutes.html#action03]

<trackbot> Created ACTION-901 - Send message to list regarding OCSPResponse and AES-128/192/256-pad Symmetric Key Wrap [on Frederick Hirsch - due 2012-08-28].

<scribe> ACTION: scantor to check whether he can resource an additional implementer (Brent) to complete implementation and interop of XML Signature 1.1 X509Digest; DEREncodedKeyValue, KeyInfoReference, to eliminate issue of same author and to obtain two implementations for these [recorded in http://www.w3.org/2012/08/21-xmlsec-minutes.html#action04]

<trackbot> Created ACTION-902 - Check whether he can resource an additional implementer (Brent) to complete implementation and interop of XML Signature 1.1 X509Digest; DEREncodedKeyValue, KeyInfoReference, to eliminate issue of same author and to obtain two implementations for these [on Scott Cantor - due 2012-08-28].

<scribe> ACTION: pdatta look into creating KeyInfoReference implementation and interop with Scott [recorded in http://www.w3.org/2012/08/21-xmlsec-minutes.html#action05]

<trackbot> Created ACTION-903 - Look into creating KeyInfoReference implementation and interop with Scott [on Pratik Datta - due 2012-08-28].

<scribe> ACTION: fjh to follow up to fix formatting of schema/code due to ReSpec update [recorded in http://www.w3.org/2012/08/21-xmlsec-minutes.html#action06]

<trackbot> Created ACTION-904 - Follow up to fix formatting of schema/code due to ReSpec update [on Frederick Hirsch - due 2012-08-28].

Other Business

pdatta: Are the AES128-GCM test cases from Magnus checked in?

fjh: I checked them in and updated the "Test Cases for XML Encryption 1.1" document, adding to the end of section 2.1
... see http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/test-cases/Overview.src.html#sec-KeyWrapping

Adjourn

Summary of Action Items

[NEW] ACTION: fjh to follow up to fix formatting of schema/code due to ReSpec update [recorded in http://www.w3.org/2012/08/21-xmlsec-minutes.html#action06]
[NEW] ACTION: fjh to review and propose changes related to 2010 wording [recorded in http://www.w3.org/2012/08/21-xmlsec-minutes.html#action01]
[NEW] ACTION: fjh to send message to list regarding OCSPResponse and AES-128/192/256-pad Symmetric Key Wrap [recorded in http://www.w3.org/2012/08/21-xmlsec-minutes.html#action03]
[NEW] ACTION: pdatta look into creating KeyInfoReference implementation and interop with Scott [recorded in http://www.w3.org/2012/08/21-xmlsec-minutes.html#action05]
[NEW] ACTION: pdatta to contact Magnus regarding key agreement test cases and interop [recorded in http://www.w3.org/2012/08/21-xmlsec-minutes.html#action02]
[NEW] ACTION: scantor to check whether he can resource an additional implementer (Brent) to complete implementation and interop of XML Signature 1.1 X509Digest; DEREncodedKeyValue, KeyInfoReference, to eliminate issue of same author and to obtain two implementations for these [recorded in http://www.w3.org/2012/08/21-xmlsec-minutes.html#action04]
 
[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.135 (CVS log)
$Date: 2009-03-02 03:52:20 $