W3C

XML Security Working Group Teleconference

24 Jan 2012

Agenda

See also: IRC log

Attendees

Present
Frederick_Hirsch, Ed_Simon, Scott_Cantor, Pratik_Datta, Hal_Lockhart, Gerald_Edgar, Chris_Solc, Bruce_Rich
Regrets
Chair
Frederick_Hirsch
Scribe
fjh

<trackbot> Date: 24 January 2012

<scribe> ScribeNick: fjh

Administrative

<Ed_Simon> * Ed is IRC-only

No announcements

Minutes Approval

Approve minutes, 17 January 2012

http://lists.w3.org/Archives/Public/public-xmlsec/2012Jan/att-0020/minutes-2012-01-17.html

RESOLUTION: Minutes from 17 January 2012 are approved.

Publication

(i) CR of XML Signature 2.0, Canonical XML 2.0, XML Signature Streaming Profile of XPath 1.0

(ii) Note of "XML Security RELAX NG Schemas"

proposed RESOLUTION: WG confirms publication of XML Security RELAX NG Schemas as a W3C Note

RESOLUTION: WG confirms publication of XML Security RELAX NG Schemas as a W3C Note

Consider RFC 6476 style algorithm for XML Enc 1.1

scantor: this RFC seems to offer an alternative approach to GCM, and whether we might use this to address concerns

hal: defeats published attacks using currently implemented algorithms, even though less efficient than GCM

scantor: may be used for JSON, good to have consistency

<scribe> ACTION: fjh to raise RFC 6476 with magnus [recorded in http://www.w3.org/2012/01/24-xmlsec-minutes.html#action01]

<trackbot> Created ACTION-868 - Raise RFC 6476 with magnus [on Frederick Hirsch - due 2012-01-31].

hal: RFC defines key derivation

scantor: also defines data structure to include HMAC
... might be an improvement to have this as part of encryption layer rather than at application layer

hal: see JOSE list on IETF, redo of XML Signature and Encryption for JSON

<Hal> JOSE Archive http://www.ietf.org/mail-archive/web/jose/current/maillist.html

scantor: expects implementation on top of OpenSSL possible, unlike doing GCM from scratch

pdatta: not having GCM combined signing and encryption reduces possibility of timing attack, which might occur with HMAC + encryption approach

hal: done block at a time

Interop

<scribe> ACTION: fjh to contact Brian/Magnus re 1.1 interop [recorded in http://www.w3.org/2012/01/24-xmlsec-minutes.html#action02]

<trackbot> Created ACTION-869 - Contact Brian/Magnus re 1.1 interop [on Frederick Hirsch - due 2012-01-31].

pdatta: will send message to Magnus about continuing 1.1 interop

PAG

fjh: ongoing discussion, possible meeting next week

Action Review

ACTION-862?

<trackbot> ACTION-862 -- Hal Lockhart to review FIPS and RSA-OAEP question in http://lists.w3.org/Archives/Public/public-xmlsec/2011Dec/0001.html -- due 2011-12-20 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/862

will follow up on previous information requests

ACTION-866?

<trackbot> ACTION-866 -- Scott Cantor to review XML Encryption 1.1 for schema and text description consistency and clarity -- due 2012-01-24 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/866

Adjourn

Summary of Action Items

[NEW] ACTION: fjh to contact Brian/Magnus re 1.1 interop [recorded in http://www.w3.org/2012/01/24-xmlsec-minutes.html#action02]
[NEW] ACTION: fjh to raise RFC 6476 with magnus [recorded in http://www.w3.org/2012/01/24-xmlsec-minutes.html#action01]
 
[End of minutes]
