See also: IRC log
<trackbot> Date: 19 June 2012
<scribe> ScribeNick: fjh
added to agenda Publication planning
http://lists.w3.org/Archives/Public/public-xmlsec/2012Jun/att-0016/minutes-2012-06-12.html
RESOLUTION: Revised minutes from 12 June 2012 are approved
http://lists.w3.org/Archives/Public/public-xmlsec/2012Jun/0014.html
fjh: updated the XML Signature 1.1 and 2.0 drafts to clarify language around algorithms
fjh: PAG work is progressing, members only draft at https://www.w3.org/2011/xmlsec-pag/pagreport.html
ACTION-888?
<trackbot> ACTION-888 -- Pratik Datta to distribute test case and result for testing XML Signature 1.1 HMACOutputLength minimum length -- due 2012-06-19 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/888
scantor: will have to go with the approach pratik noted, unfortunately more work
... asks if anyone else has had problems with the first test
<scantor> http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/test-cases/
bal: not sure, would need to check
<scantor> the one I haven't managed to decrypt the key for is http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/test-cases/files/cipherText__RSA-2048__aes128-gcm__rsa-oaep-mgf1p.xml
ACTION-887?
<trackbot> ACTION-887 -- Hal Lockhart to draft text on HMAC truncation for XML Signature best practices -- due 2012-05-22 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/887
hal: is there ambiguity of what truncation means?
... doesn't seem to be defined in spec
fjh: thought this was defined as part of algorithm
hal: will work on action in next few days
fjh: thought it is standard practice to truncate off the end
bal: thought so as well
... new NIST spec out on truncating SHA-512
... part of SHA-2 update
... could reference this if we do not have normative reference, truncate off the end
... we have not implemented truncation option, did not need it
hal: important security reasons to truncate
bal: why?
hal: can reference paper, other attacks can be made more difficult with truncation
... best practice
<Ed_Simon> http://csrc.nist.gov/groups/ST/hash/documents/Kelsey_Truncation.pdf
<Hal> link to HMAC paper:http://www.jucs.org/jucs_14_3/new_results_on_nmac
fjh: do we want to make a change to the spec to clarify truncation?
hal: will look at original interop spec
fjh: so you will confirm on list that truncation from end, then we may need to add language to spec and update to NIST
hal: need to be clear on high order, low order, avoid bit ordering ambiguity
ISSUE: clarify meaning of HMAC truncation
<trackbot> Created ISSUE-232 - Clarify meaning of HMAC truncation ; please complete additional details at http://www.w3.org/2008/xmlsec/track/issues/232/edit .
fjh: we have made a number of changes to XML Signature 1.1 since the last CR publication, including a clarification of serialization, clarifications related to KeyInfoReference, changing SHOULD for KeyInfoReference and adding REQUIRED for Exclusive C14N omits comments, among other changes.
... this suggests we should have an updated publication soon, need to determine whether we need another LC.
... probably want to address truncation clarification first, ISSUE-232
... Likewise, we added optional AES192-GCM to XML Encryption 1.1, need to confirm whether this requires another LC or just a CR update.
... Seems like we should be able to update the CR of XML Signature 2.0 without LC for recent editorial updates related to ECC
... finally, we need to update Security Algorithms Cross-Reference, and RELAX NG Note, also publish updated Best Practices once newest addition is in place
... I am discussing with tlr offline
fjh: once we complete interop and publication of our documents, we will need to think about maintenance and how that is handled.
... but this is probably early for discussion as we have to complete interop and other work to bring the 1.1 specs to REC (and possibly 2.0)