Re: Please confirm comment resolutions

Juraj

Much thanks for your comments, they've helped improve our work.  Thanks also for confirming the results in a timely manner.

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG



On Jan 10, 2013, at 2:13 AM, ext Juraj Somorovsky wrote:

> Hi Frederick,
> 
> we reviewed both issues and would like to confirm that our comments were
> addressed properly.
> 
> Thank you
> Best Regards
> Juraj and Tibor
> 
> On 01/07/2013 07:53 PM, Frederick.Hirsch@nokia.com wrote:
>> Juraj
>> 
>> Thanks for your comments on the latest XML Encryption 1.1 draft.  
>> 
>> There were two comments we captured and recorded in  our tracker tool:
>> 
>> (1) Address backward compatibility attacks [1]
>> 
>> We added a new security considerations section, also included the reference you provided [2]. We revised the text based on your and others comments.
>> 
>> (2) Define key derivation function for deriving keys based on algorithm information [3]
>> 
>> The WG agreed to defer to a possible version 1.2 of XML Encryption, given concerns about the late stage of the process, need for interop, and time for thought about the issue. Your previous message seemed to agree that some time might be required.
>> 
>> The decision was recorded in a WG call for consensus email  (see item #1 in CfC http://lists.w3.org/Archives/Public/public-xmlsec/2012Dec/0015.html )
>> 
>> Can you please confirm that the XML Security WG has addressed both your comments by replying to this message (including the public list)?
>> 
>> Sooner  (e.g. this week) would be better as we are trying to conclude the PR this month.
>> 
>> Thanks
>> 
>> regards, Frederick
>> 
>> Frederick Hirsch, Nokia
>> Chair XML Security WG
>> 
>> [1] https://www.w3.org/2006/02/lc-comments-tracker/42458/WD-xmlenc-core1-20121018/2734
>> 
>> [2] http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.src.html#sec-backwards-compatibility-attacks
>> 
>> [3] https://www.w3.org/2006/02/lc-comments-tracker/42458/WD-xmlenc-core1-20121018/2735
>> 
>> 

Received on Thursday, 10 January 2013 12:02:35 UTC