See also: IRC log
<trackbot> Date: 28 August 2012
<scribe> ScribeNick: fjh
fjh: no announcements
Approve minutes, 21 August 2012
http://lists.w3.org/Archives/Public/public-xmlsec/2012Aug/att-0027/minutes-2012-08-21.html
RESOLUTION: Minutes from 21 August 2012 are approved
tlr: should have more clarity on PAG later this week. There was some Team concern regarding the strength of the language wording.
... members of the WG who have legal participation in the PAG are welcome to discuss this offline in order to obtain resolution
CfC to change RSA 1.5 from Required to Optional completed with support for change: http://lists.w3.org/Archives/Public/public-xmlsec/2012Aug/0019.html
RESOLUTION: The XML Security WG agrees to change RSA 1.5 from Required to Optional in XML Encryption 1.1
<scribe> ACTION: fjh to edit XML Encryption 1.1 to change RSA 1.5 from Required to Optional [recorded in http://www.w3.org/2012/08/28-xmlsec-minutes.html#action01]
<trackbot> Created ACTION-905 - Edit XML Encryption 1.1 to change RSA 1.5 from Required to Optional [on Frederick Hirsch - due 2012-09-04].
Proposal: http://lists.w3.org/Archives/Public/public-xmlsec/2012Aug/0028.html
scantor: looked ok to me
RESOLUTION: The changes related to DSA and RSA key length advice and the update to SP800-57 Part 1 as proposed in http://lists.w3.org/Archives/Public/public-xmlsec/2012Aug/0028.html are adopted by the WG
<scribe> ACTION: fjh to update XML Signature for key size language changes [recorded in http://www.w3.org/2012/08/28-xmlsec-minutes.html#action02]
<trackbot> Created ACTION-906 - Update XML Signature for key size language changes [on Frederick Hirsch - due 2012-09-04].
proposed RESOLUTION: The WG agrees to update the SP800-56A reference in XML Encryption 1.1 as proposed in http://lists.w3.org/Archives/Public/public-xmlsec/2012Aug/0029.html
RESOLUTION: The WG agrees to update the SP800-56A reference in XML Encryption 1.1 as proposed in http://lists.w3.org/Archives/Public/public-xmlsec/2012Aug/0029.html
<scribe> ACTION: fjh to update xml enc reference for SP800-56A [recorded in http://www.w3.org/2012/08/28-xmlsec-minutes.html#action03]
<trackbot> Created ACTION-907 - Update xml enc reference for SP800-56A [on Frederick Hirsch - due 2012-09-04].
Extend to mid-Sept plans for removal of items with interop progressing.
Items planned to be removed from XML Signature 1.1: OCSPResponse, X509Digest; DEREncodedKeyValue, KeyInfoReference
ACTION-892?
<trackbot> ACTION-892 -- Pratik Datta to check on adding KeyInfoReference -- due 2012-07-31 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/892
ACTION-902?
<trackbot> ACTION-902 -- Scott Cantor to check whether he can resource an additional implementer (Brent) to complete implementation and interop of XML Signature 1.1 X509Digest; DEREncodedKeyValue, KeyInfoReference, to eliminate issue of same author and to obtain two implementations for these -- due 2012-08-28 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/902
ACTION-897?
<trackbot> ACTION-897 -- Thomas Roessler to confirm whether two implementations from one author are ok for DEREncodedKeyValue and KeyInfoReference specifically -- due 2012-08-21 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/897
fjh: question a - do we need interop for xml schema placeholders like OCSPResponse, where the semantics and details are defined externally; question b can one person provide two implementations if so; question c can we obtain additional interop participation
proposal here http://lists.w3.org/Archives/Public/public-xmlsec/2012Aug/0030.html
scott response here http://lists.w3.org/Archives/Public/public-xmlsec/2012Aug/0031.html
scantor: we can follow w3c policy but not sure we need interop for item like OCSPResponse
fjh: A similar case is the X509SKI element also noted in the X509Data list in XML Signature 1.0
tlr: what behaviours do we expect from an implementation of XML Signature 1.1, is there a must understand or must ignore model? Does conveyance work cleanly?
... second, do people agree that for OCSPResponse, do all understand the encoding, is it consistent
... want to have encoding, decoding test
fjh: it is base64 in the text
tlr: do not need a full infrastructure
scantor: agree that some syntax testing is possible for a given key or certificate but no need to actually do the verification of a signature
tlr: is it possible to create a test case for this
scantor: can create test vectors but do not want to waste time
... was waiting to see if Java implementation could be used, but won't do that if not acceptable
... looking for another developer to see if he can do this
... KeyInfoReference needed since RetrievalMethod is broken, a fix to the spec
... X509Digest is needed since X509IssuerSerial is broken, a fix to the spec
... we have a question of timing
... can we defer some
... open content model for some items
fjh: cannot expect wg to be around indefinitely
tlr: would like to have two implementations
... would be preferable to have two implementations, if one, change namespaces and put into WG NOTE
... this is not ideal
fjh: do not like this
... cannot we get two implementations? Pratik is working on this?
pratik: working on KeyInfoReference
... might be possible to do the other ones, such as X509Digest
tlr: an experimental implementation is fine
scantor: should know when Brent will be able to do more next week, probably end of Sept to complete, but this might change
... DEREncoded is fully implemented
<scantor> X509Digest is implemented syntactically
<scantor> KeyInfoReference is implemented as part of a SAML metadata key lookup module
pdatta: will look at these three, will let you know if we can do them next week, am optimistic about it
<scantor> if Prateek can gen a test vector with two KeyInfo elements in a signed object, I can turn that into a test I can run against
fjh: this would leave us with all items in XML Signature done except for OCSPResponse
Items planned to be removed from XML Encryption 1.1: AES-128/192/256-pad Symmetric Key Wrap, Key Agreement (ECDH, DH)
fjh: Magnus and pratik are working on interop for key agreement
... plan to remove AES-128/192/256-pad Symmetric Key Wrap
proposal is here, will add that identifiers are 'reserved' - http://lists.w3.org/Archives/Public/public-xmlsec/2012Aug/0032.html
<Gerald-E> I have to sign off...
RESOLUTION: the proposal to move the AES Key Wrap with Padding algorithm material to an informative appendix, as outlined in http://lists.w3.org/Archives/Public/public-xmlsec/2012Aug/0032.html is accepted by the XML Security WG.
<scribe> ACTION: fjh to update XML Encryption 1.1 to move AES Key Wrap with Padding algorithm material to an informative appendix [recorded in http://www.w3.org/2012/08/28-xmlsec-minutes.html#action04]
<trackbot> Created ACTION-908 - Update XML Encryption 1.1 to move AES Key Wrap with Padding algorithm material to an informative appendix [on Frederick Hirsch - due 2012-09-04].
fjh: Formatting issue for schema/examples in XML Signature 1.1 introduced with ReSpec v3 change, not a ReSpec issue but change due to formatting in conjunction with source validation fixes
... working on this
ACTION-238?
<trackbot> ACTION-238 -- Thomas Roessler to draft proposal to add identifiers for ECDSA-RIPEMD, RSA-WHIRLPOOL, ECDSA-WHIRLPOOL to XML Security Algorithms Cross-Reference (follow up to ACTION-222) -- due 2012-09-30 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/238
fjh: donald is working on RFC
tlr: this could take a long time, not sure who the customer is for it
fjh: this is not relevant for progressing XML Signature 1.1 and XML Encryption 1.1, do not want to delay them or corresponding Algorithms note publication
general agreement to close this action with no further work
ACTION-238 closed
<trackbot> ACTION-238 Draft proposal to add identifiers for ECDSA-RIPEMD, RSA-WHIRLPOOL, ECDSA-WHIRLPOOL to XML Security Algorithms Cross-Reference (follow up to ACTION-222) closed
<scantor> I'll try and post some test vectors for the other two KeyInfo cases
ACTION-717?
<trackbot> ACTION-717 -- Pratik Datta to document the Performance improvements with 2.0 -- due 2010-11-09 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/717
ACTION-717: not needed unless 2.0 is progressed, will defer this work and open action as needed
<trackbot> ACTION-717 Document the Performance improvements with 2.0 notes added
ACTION-717 closed
<trackbot> ACTION-717 Document the Performance improvements with 2.0 closed
ACTION-883?
<trackbot> ACTION-883 -- Frederick Hirsch to review C14N 20 test cases document -- due 2012-04-10 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/883
ACTION-892?
<trackbot> ACTION-892 -- Pratik Datta to check on adding KeyInfoReference -- due 2012-07-31 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/892
<scribe> in progress
ACTION-897?
<trackbot> ACTION-897 -- Thomas Roessler to confirm whether two implementations from one author are ok for DEREncodedKeyValue and KeyInfoReference specifically -- due 2012-08-21 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/897
fjh: tlr has confirmed that two implementations from one author are not acceptable
ACTION-897: tlr has confirmed that two implementations from one author are not acceptable
<trackbot> ACTION-897 Confirm whether two implementations from one author are ok for DEREncodedKeyValue and KeyInfoReference specifically notes added
ACTION-897 closed
<trackbot> ACTION-897 Confirm whether two implementations from one author are ok for DEREncodedKeyValue and KeyInfoReference specifically closed
ACTION-902?
<trackbot> ACTION-902 -- Scott Cantor to check whether he can resource an additional implementer (Brent) to complete implementation and interop of XML Signature 1.1 X509Digest; DEREncodedKeyValue, KeyInfoReference, to eliminate issue of same author and to obtain two implementations for these -- due 2012-08-28 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/902
fjh: in progress
ACTION-903?
<trackbot> ACTION-903 -- Pratik Datta to look into creating KeyInfoReference implementation and interop with Scott -- due 2012-08-28 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/903
fjh: this and ACTION-892 are duplicates
ACTION-892: duplicates ACTION-903, see ACTION-903
<trackbot> ACTION-892 Check on adding KeyInfoReference notes added
ACTION-892 closed
<trackbot> ACTION-892 Check on adding KeyInfoReference closed
ACTION-904?
<trackbot> ACTION-904 -- Frederick Hirsch to follow up to fix formatting of schema/code due to ReSpec update -- due 2012-08-28 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/904
fjh: working on this
ACTION-899: Frederick Hirsch to Review and propose changes related to 2010 wording
ACTION-900: Pratik Datta to Contact Magnus regarding key agreement test cases and interop
ACTION-901: Frederick Hirsch to Send message to list regarding OCSPResponse and AES-128/192/256-pad Symmetric Key Wrap
fjh: will close pending actions after meeting
fjh: tlr, how will WG know of status of PAG later this week
tlr: message will be sent on PAG list