- From: <Frederick.Hirsch@nokia.com>
- Date: Mon, 7 Jan 2013 18:53:33 +0000
- To: <juraj.somorovsky@rub.de>
- CC: <Frederick.Hirsch@nokia.com>, <public-xmlsec@w3.org>
Juraj Thanks for your comments on the latest XML Encryption 1.1 draft. There were two comments we captured and recorded in our tracker tool: (1) Address backward compatibility attacks [1] We added a new security considerations section, also included the reference you provided [2]. We revised the text based on your and others comments. (2) Define key derivation function for deriving keys based on algorithm information [3] The WG agreed to defer to a possible version 1.2 of XML Encryption, given concerns about the late stage of the process, need for interop, and time for thought about the issue. Your previous message seemed to agree that some time might be required. The decision was recorded in a WG call for consensus email (see item #1 in CfC http://lists.w3.org/Archives/Public/public-xmlsec/2012Dec/0015.html ) Can you please confirm that the XML Security WG has addressed both your comments by replying to this message (including the public list)? Sooner (e.g. this week) would be better as we are trying to conclude the PR this month. Thanks regards, Frederick Frederick Hirsch, Nokia Chair XML Security WG [1] https://www.w3.org/2006/02/lc-comments-tracker/42458/WD-xmlenc-core1-20121018/2734 [2] http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.src.html#sec-backwards-compatibility-attacks [3] https://www.w3.org/2006/02/lc-comments-tracker/42458/WD-xmlenc-core1-20121018/2735
Received on Monday, 7 January 2013 18:54:09 UTC