W3C

XML Security Working Group Teleconference

28 Aug 2012

Attendees

Present
Frederick_Hirsch, Thomas_Roessler, Scott_Cantor, Gerald_Edgar, Bruce_Rich, Pratik_Datta
Regrets
Chair
Frederick_Hirsch
Scribe
fjh

<trackbot> Date: 28 August 2012

<scribe> ScribeNick: fjh

Administrivia: Agenda review, Liaisons, Announcements

fjh: no announcements

Minutes Approval

Approve minutes, 21 August 2012

http://lists.w3.org/Archives/Public/public-xmlsec/2012Aug/att-0027/minutes-2012-08-21.html

RESOLUTION: Minutes from 21 August 2012 are approved

PAG Update

tlr: should have more clarity on PAG later this week. There was some Team concern regarding the strength of the language wording.
... members of the WG who have legal participation in the PAG are welcome to discuss this offline in order to obtain resolution

XML Encryption RSA v1.5

CfC to change RSA 1.5 from Required to Optional completed with support for change: http://lists.w3.org/Archives/Public/public-xmlsec/2012Aug/0019.html

RESOLUTION: The XML Security WG agrees to change RSA 1.5 from Required to Optional in XML Encryption 1.1

<scribe> ACTION: fjh to edit XML Encryption 1.1 to change RSA 1.5 from Required to Optional [recorded in http://www.w3.org/2012/08/28-xmlsec-minutes.html#action01]

<trackbot> Created ACTION-905 - Edit XML Encryption 1.1 to change RSA 1.5 from Required to Optional [on Frederick Hirsch - due 2012-09-04].

XML Signature key size proposal (ISSUE-233, ACTION-899)

Proposal: http://lists.w3.org/Archives/Public/public-xmlsec/2012Aug/0028.html

scantor: looked ok to me

RESOLUTION: The changes related to DSA and RSA key length advice and the update to SP800-57 Part 1 as proposed in http://lists.w3.org/Archives/Public/public-xmlsec/2012Aug/0028.html are adopted by the WG

<scribe> ACTION: fjh to update XML Signature for key size language changes [recorded in http://www.w3.org/2012/08/28-xmlsec-minutes.html#action02]

<trackbot> Created ACTION-906 - Update XML Signature for key size language changes [on Frederick Hirsch - due 2012-09-04].

XML Encryption NIST SP800-56A

proposed RESOLUTION: The WG agrees to update the SP800-56A reference in XML Encryption 1.1 as proposed in http://lists.w3.org/Archives/Public/public-xmlsec/2012Aug/0029.html

RESOLUTION: The WG agrees to update the SP800-56A reference in XML Encryption 1.1 as proposed in http://lists.w3.org/Archives/Public/public-xmlsec/2012Aug/0029.html

<scribe> ACTION: fjh to update xml enc reference for SP800-56A [recorded in http://www.w3.org/2012/08/28-xmlsec-minutes.html#action03]

<trackbot> Created ACTION-907 - Update xml enc reference for SP800-56A [on Frederick Hirsch - due 2012-09-04].

Roadmap

Extend to mid-Sept plans for removal of items with interop progressing.

Items planned to be removed from XML Signature 1.1: OCSPResponse, X509Digest; DEREncodedKeyValue, KeyInfoReference

ACTION-892?

<trackbot> ACTION-892 -- Pratik Datta to check on adding KeyInfoReference -- due 2012-07-31 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/892

ACTION-902?

<trackbot> ACTION-902 -- Scott Cantor to check whether he can resource an additional implementer (Brent) to complete implementation and interop of XML Signature 1.1 X509Digest; DEREncodedKeyValue, KeyInfoReference, to eliminate issue of same author and to obtain two implementations for these -- due 2012-08-28 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/902

ACTION-897?

<trackbot> ACTION-897 -- Thomas Roessler to confirm whether two implementations from one author are ok for DEREncodedKeyValue and KeyInfoReference specifically -- due 2012-08-21 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/897

fjh: question a - do we need interop for xml schema placeholders like OCSPResponse, where the semantics and details are defined externally; question b can one person provide two implementations if so; question c can we obtain additional interop participation

proposal here http://lists.w3.org/Archives/Public/public-xmlsec/2012Aug/0030.html

scott response here http://lists.w3.org/Archives/Public/public-xmlsec/2012Aug/0031.html

scantor: we can follow w3c policy but not sure we need interop for item like OCSPResponse

fjh: A similar case is the X509SKI element also noted in the X509Data list in XML Signature 1.0

tlr: what behaviours do we expect from an implementation of XML Signature 1.1, is there a must understand or must ignore model? Does conveyance work cleanly?
... second, do people agree that for OCSPResponse, do all understand the encoding, is it consistent
... want to have encoding, decoding test

fjh: it is base64 in the text

tlr: do not need a full infrastructure

scantor: agree that some syntax testing is possible for a given key or certificate but no need to actually do the verification of a signature

tlr: is it possible to create a test case for this

scantor: can create test vectors but do not want to waste time
... was waiting to see if Java implementation could be used, but won't do that if not acceptable
... looking for another developer to see if he can do this
... KeyInfoReference needed since RetrievalMethod is broken, a fix to the spec
... X509Digest is needed since X509IssuerSerial is broken, a fix to the spec
... we have a question of timing
... can we defer some
... open content model for some items

fjh: cannot expect wg to be around indefinitely

tlr: would like to have two implementations
... would be preferable to have two implementations, if one, change namespaces and put into WG NOTE
... this is not ideal

fjh: do not like this
... cannot we get two implementations? Pratik is working on this?

pratik: working on KeyInfoReference
... might be possible to do the other ones, such as X509Digest

tlr: an experimental implementation is fine

scantor: should know when Brent will be able to do more next week, probably end of Sept to complete, but this might change
... DEREncoded is fully implemented

<scantor> X509Digest is implemented syntactically

<scantor> KeyInfoReference is implemented as part of a SAML metadata key lookup module

pdatta: will look at these three, will let you know if we can do them next week, am optimistic about it

<scantor> if Pratik can gen a test vector with two KeyInfo elements in a signed object, I can turn that into a test I can run against

fjh: this would leave us with all items in XML Signature done except for OCSPResponse

Items planned to be removed from XML Encryption 1.1: AES-128/192/256-pad Symmetric Key Wrap, Key Agreement (ECDH, DH)

fjh: Magnus and pratik are working on interop for key agreement
... plan to remove AES-128/192/256-pad Symmetric Key Wrap

proposal is here, will add that identifiers are 'reserved' - http://lists.w3.org/Archives/Public/public-xmlsec/2012Aug/0032.html

<Gerald-E> I have to sign off...

RESOLUTION: the proposal to move the AES Key Wrap with Padding algorithm material to an informative appendix, as outlined in http://lists.w3.org/Archives/Public/public-xmlsec/2012Aug/0032.html is accepted by the XML Security WG.

<scribe> ACTION: fjh to update XML Encryption 1.1 to move AES Key Wrap with Padding algorithm material to an informative appendix [recorded in http://www.w3.org/2012/08/28-xmlsec-minutes.html#action04]

<trackbot> Created ACTION-908 - Update XML Encryption 1.1 to move AES Key Wrap with Padding algorithm material to an informative appendix [on Frederick Hirsch - due 2012-09-04].

fjh: Formatting issue for schema/examples in XML Signature 1.1 introduced with ReSpec v3 change, not a ReSpec issue but change due to formatting in conjunction with source validation fixes
... working on this

Actions

ACTION-238?

<trackbot> ACTION-238 -- Thomas Roessler to draft proposal to add identifiers for ECDSA-RIPEMD, RSA-WHIRLPOOL, ECDSA-WHIRLPOOL to XML Security Algorithms Cross-Reference (follow up to ACTION-222) -- due 2012-09-30 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/238

fjh: donald is working on RFC

tlr: this could take a long time, not sure who the customer is for it

fjh: this is not relevant for progressing XML Signature 1.1 and XML Encryption 1.1, do not want to delay them or corresponding Algorithms note publication

general agreement to close this action with no further work

ACTION-238 closed

<trackbot> ACTION-238 Draft proposal to add identifiers for ECDSA-RIPEMD, RSA-WHIRLPOOL, ECDSA-WHIRLPOOL to XML Security Algorithms Cross-Reference (follow up to ACTION-222) closed

<scantor> I'll try and post some test vectors for the other two KeyInfo cases

ACTION-717?

<trackbot> ACTION-717 -- Pratik Datta to document the Performance improvements with 2.0 -- due 2010-11-09 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/717

ACTION-717: not needed unless 2.0 is progressed, will defer this work and open action as needed

<trackbot> ACTION-717 Document the Performance improvements with 2.0 notes added

ACTION-717 closed

<trackbot> ACTION-717 Document the Performance improvements with 2.0 closed

ACTION-883?

<trackbot> ACTION-883 -- Frederick Hirsch to review C14N 20 test cases document -- due 2012-04-10 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/883

ACTION-892?

<trackbot> ACTION-892 -- Pratik Datta to check on adding KeyInfoReference -- due 2012-07-31 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/892

<scribe> in progress

ACTION-897?

<trackbot> ACTION-897 -- Thomas Roessler to confirm whether two implementations from one author are ok for DEREncodedKeyValue and KeyInfoReference specifically -- due 2012-08-21 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/897

fjh: tlr has confirmed that two implementations from one author are not acceptable

ACTION-897: tlr has confirmed that two implementations from one author are not acceptable

<trackbot> ACTION-897 Confirm whether two implementations from one author are ok for DEREncodedKeyValue and KeyInfoReference specifically notes added

ACTION-897 closed

<trackbot> ACTION-897 Confirm whether two implementations from one author are ok for DEREncodedKeyValue and KeyInfoReference specifically closed

ACTION-902?

<trackbot> ACTION-902 -- Scott Cantor to check whether he can resource an additional implementer (Brent) to complete implementation and interop of XML Signature 1.1 X509Digest; DEREncodedKeyValue, KeyInfoReference, to eliminate issue of same author and to obtain two implementations for these -- due 2012-08-28 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/902

fjh: in progress

ACTION-903?

<trackbot> ACTION-903 -- Pratik Datta to look into creating KeyInfoReference implementation and interop with Scott -- due 2012-08-28 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/903

fjh: this and ACTION-892 are duplicates

ACTION-892: duplicates ACTION-903, see ACTION-903

<trackbot> ACTION-892 Check on adding KeyInfoReference notes added

ACTION-892 closed

<trackbot> ACTION-892 Check on adding KeyInfoReference closed

ACTION-904?

<trackbot> ACTION-904 -- Frederick Hirsch to follow up to fix formatting of schema/code due to ReSpec update -- due 2012-08-28 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/904

fjh: working on this

Pending Actions

ACTION-899: Frederick Hirsch to Review and propose changes related to 2010 wording

ACTION-900: Pratik Datta to Contact Magnus regarding key agreement test cases and interop

ACTION-901: Frederick Hirsch to Send message to list regarding OCSPResponse and AES-128/192/256-pad Symmetric Key Wrap

fjh: will close pending actions after meeting

Other Business

fjh: tlr, how will WG know of status of PAG later this week

tlr: message will be sent on PAG list

Adjourn

Summary of Action Items

[NEW] ACTION: fjh to edit XML Encryption 1.1 to change RSA 1.5 from Required to Optional [recorded in http://www.w3.org/2012/08/28-xmlsec-minutes.html#action01]
[NEW] ACTION: fjh to update xml enc reference for SP800-56A [recorded in http://www.w3.org/2012/08/28-xmlsec-minutes.html#action03]
[NEW] ACTION: fjh to update XML Encryption 1.1 to move AES Key Wrap with Padding algorithm material to an informative appendix [recorded in http://www.w3.org/2012/08/28-xmlsec-minutes.html#action04]
[NEW] ACTION: fjh to update XML Signature for key size language changes [recorded in http://www.w3.org/2012/08/28-xmlsec-minutes.html#action02]
 
[End of minutes]
