Re: Future work on XML Signature from Anders Rundgren on 2006-09-18 (w3c-ietf-xmldsig@w3.org from July to September 2006)

From: Anders Rundgren <anders.rundgren@telia.com>
Date: Mon, 18 Sep 2006 22:41:52 +0200
To: "Bugbee, Larry" <larry.bugbee@boeing.com>, "Thomas Roessler" <tlr@w3.org>, <w3c-ietf-xmldsig@w3.org>
Message-ID: <00f701c6db62$dfa70220$82c5a8c0@arport2v>
I have seen RFC 4050:

  "This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind"

I also lack a published example of an ECDSA signature and test vectors.
Since ECC is little known there is much to do in order to make ECDSA
useful.

Anders

----- Original Message ----- 
From: "Bugbee, Larry" <larry.bugbee@boeing.com>
To: "Anders Rundgren" <anders.rundgren@telia.com>; "Thomas Roessler" <tlr@w3.org>; <w3c-ietf-xmldsig@w3.org>
Sent: Monday, September 18, 2006 22:21
Subject: RE: Future work on XML Signature



Have you seen RFC 4050 and 4051?

Larry


> -----Original Message-----
> From: Anders Rundgren [mailto:anders.rundgren@telia.com] 
> Sent: Monday, September 18, 2006 12:50 PM
> To: Thomas Roessler; w3c-ietf-xmldsig@w3.org
> Subject: Re: Future work on XML Signature
> 
> 
> Thomas,
> 
> It seems that ECDSA still lacks a formal inclusion in the XML 
> Signature package.
> 
> BTW, the XML Signature application for Internet browsers I 
> have mentioned earlier is now in 1.0 state: 
> http://webpki.org/WASP-tutorial.pdf
> 
> regards
> Anders Rundgren
> 
> ----- Original Message -----
> From: "Thomas Roessler" <tlr@w3.org>
> To: <w3c-ietf-xmldsig@w3.org>
> Sent: Monday, September 18, 2006 18:31
> Subject: Future work on XML Signature
> 
> 
> 
> Hello,
> 
> for your information, we're working on a charter for a W3C Working
> Group that would have the task to specifically sort out the xml:id
> mess in XML Signature (by making C14N 1.1 the mandatory to implement
> algorithm, and essentially making the changes described in the
> dsig-usage note), and to fix the Decryption transform for XML
> Signature by making similar changes.
> 
> The expectation is that this charter would limit the
> conformance-affecting changes that the group can make to those that
> are demonstrated to be necessary to sort out the immediate problem.
> 
> To make the work less dull, the group will also have the mandate to
> write a draft charter for broader follow-up work, and to identify
> issues that need to be addressed.
> 
> We intend to have the version of XML Signature and Processing that
> this group would produce submitted to the IETF for publication as an
> RFC; the mechanics of that are presently being discussed.
> 
> Feed-back on the overall approach would be most welcome.
> 
> Regards,
> -- 
> Thomas Roessler, W3C   <tlr@w3.org>
> 
> 
> 
> 
> 
> 
> On 2006-09-15 18:28:09 +0200, Jose Kahan wrote:
> > From: Jose Kahan <jose.kahan@w3.org>
> > To: w3c-ietf-xmldsig@w3.org
> > Date: Fri, 15 Sep 2006 18:28:09 +0200
> > Subject: [FYI] Transition announcement: First Public 
> Working Draft of
> > C14N 1.1 and two WG Notes
> > Reply-To: jose.kahan@w3.org
> > List-Id: <w3c-ietf-xmldsig.w3.org>
> > X-Spam-Level: 
> > X-Archived-At:
> > http://www.w3.org/mid/20060915162809.GF29096@rakahanga.inrialpes.fr
> > 
> > FYI.
> > 
> > All feedback is welcome at the mailing lists that are given in those
> > documents.
> > 
> > Thanks!
> > 
> > -jose
> 
> > From: "Grosso, Paul" <pgrosso@ptc.com>
> > To: chairs@w3.org, w3t-comm@w3.org
> > Cc: public-xml-core-wg@w3.org
> > Date: Fri, 15 Sep 2006 12:14:04 -0400
> > Subject: Transition announcement: First Public Working 
> Draft of C14N 1.1
> > and two WG Notes
> > List-Id: <public-xml-core-wg.w3.org>
> > X-Archived-At:
> > 
> http://www.w3.org/mid/CF83BAA719FD2C439D25CBB1C9D1D30204ABFCD3
> @HQ-MAIL4.ptcnet.ptc.com
> > 
> > 
> > 
> > The XML Core WG announces the initial publication of 
> > the following three C14N related documents and welcomes
> > review from all interested parties:
> > 
> > Known Issues with Canonical XML 1.0 (C14N/1.0)
> > W3C Working Draft 15 September 2006
> > 
> > This version:
> >      http://www.w3.org/TR/2006/WD-C14N-issues-20060915/
> > Latest version:
> >      http://www.w3.org/TR/C14N-issues/
> > 
> > [This will become a WG Note.]
> > ---
> > 
> > Using XML Digital Signatures in the 2006 XML Environment
> > W3C Working Draft 15 September 2006
> > 
> > This version:
> >      http://www.w3.org/TR/2006/WD-DSig-usage-20060915/
> > Latest version:
> >      http://www.w3.org/TR/DSig-usage/
> > 
> > [This will become a WG Note.]
> > 
> > ---
> > 
> > Canonical XML1.1
> > W3C Working Draft 15 September 2006
> > 
> > This version:
> >      http://www.w3.org/TR/2006/WD-xml-c14n11-20060915
> > Latest version:
> >      http://www.w3.org/TR/xml-c14n11
> > 
> > [This is a Recommendation-track specification.]
> > 
> > ==========================================================
> > 
> > The document abstracts and status sections are as follows:
> > 
> > WG Note: Known Issues with Canonical XML 1.0 (C14N/1.0)
> > -------------------------------------------------------
> > 
> > Abstract
> > --------
> > This technical note addresses some of the issues related
> > to inheritance of the XML attributes xml:base and xml:id 
> > and the W3C Recommendation for Canonical XML Version 1.0 
> > [C14N10] (Errata). Shortcomings of C14N/1.0 are noted out 
> > and the use of a new C14N/1.1 recommendation with the XML 
> > Digital Signature 1.0 Recommendation [XMLDSIG] is discussed. 
> > 
> > Status
> > ------
> > This section describes the status of this document at the 
> > time of its publication. Other documents may supersede this 
> > document. A list of current W3C publications and the latest 
> > revision of this technical report can be found in the W3C 
> > technical reports index at http://www.w3.org/TR/.
> > 
> > This is the W3C First Public Working Draft of "Known Issues 
> > with Canonical XML 1.0 (C14N/1.0)", produced by the XML Core 
> > Working Group, as part of the XML Activity. A companion note, 
> > "XML Digital Signatures in the 2006 XML Environment" [XMLDSIG2006], 
> > describes in further detail how a revised canonicalization 
> > algorithm (C14N/1.1 or other) may be used with the current 
> > XML-SIG/1.0 Specification.
> > 
> > Once all the comments about this document will have been 
> > addressed, the Working Group intends to publish a final 
> > version of this document as a W3C Working Group Note.
> > 
> > Please send comments related to this document to 
> > www-xml-canonicalization-comments@w3.org (public archive).
> > 
> > Publication as a Working Draft does not imply endorsement 
> > by the W3C Membership. This is a draft document and may be 
> > updated, replaced or obsoleted by other documents at any 
> > time. It is inappropriate to cite this document as other 
> > than work in progress.
> > 
> > This document was produced by a group operating under the 
> > 5 February 2004 W3C Patent Policy. This document is informative 
> > only. W3C maintains a public list of any patent disclosures 
> > made in connection with the deliverables of the group; that 
> > page also includes instructions for disclosing a patent. An 
> > individual who has actual knowledge of a patent which the 
> > individual believes contains Essential Claim(s) must disclose 
> > the information in accordance with section 6 of the W3C 
> Patent Policy.
> > 
> > WG Note: Using XML Digital Signatures in the 2006 XML Environment
> > -----------------------------------------------------------------
> > 
> > Abstract
> > --------
> > This technical note describes how to use the XML Digital 
> > Signature Recommendation [XMLDSIG] in a way consistent with 
> > the present (fall 2006) XML environment. In particular, this 
> > note takes into account the recent xml:id Version 1.0 [XMLID] 
> > and Canonical XML Version 1.1 [C14N11] Recommendations.
> > 
> > This note suggests constraints on the use of XML Signature, 
> > and relies on extension points present in the XML Digital 
> > Signature Recommendation. This note does not override any 
> > aspect of that Recommendation.
> > 
> > Status
> > ------
> > This section describes the status of this document at the time 
> > of its publication. Other documents may supersede this document. 
> > A list of current W3C publications and the latest revision of this 
> > technical report can be found in the W3C technical reports index 
> > at http://www.w3.org/TR/.
> > 
> > This is the W3C First Public Working Draft of "XML Signatures in 
> > the 2006 XML Environment", produced by the XML Core Working Group, 
> > as part of the XML Activity. A companion note, "Known Issues with 
> > Canonical XML 1.0 (C14N/1.0)" [C14NNOTE], discusses in detail some 
> > of the issues related to the inheritance of certain XML attributes 
> > and the Canonical XML Recommendation 1.0 [C14N10]. 
> > 
> > Once all the comments about this document will have been addressed, 
> > the Working Group intends to publish a final version of 
> this document 
> > as a W3C Working Group Note.
> > 
> > Please send comments related to this document to 
> > www-xml-canonicalization-comments@w3.org (public archive).
> > 
> > Publication as a Working Draft does not imply endorsement by the 
> > W3C Membership. This is a draft document and may be 
> updated, replaced 
> > or obsoleted by other documents at any time. It is inappropriate to 
> > cite this document as other than work in progress.
> > 
> > This document was produced by a group operating under the 
> > 5 February 2004 W3C Patent Policy. This document is 
> informative only. 
> > W3C maintains a public list of any patent disclosures made 
> in connection
> > with the deliverables of the group; that page also includes 
> instructions
> > for disclosing a patent. An individual who has actual 
> knowledge of a 
> > patent which the individual believes contains Essential 
> Claim(s) must 
> > disclose the information in accordance with section 6 of 
> the W3C Patent 
> > Policy.
> > 
> > 
> > First WD: Canonical XML 1.1
> > ---------------------------
> > 
> > Abstract
> > --------
> > Canonical XML 1.1 is a revision to Canonical XML 1.0 to address 
> > issues raised while producing the xml:id specification.
> > 
> > Any XML document is part of a set of XML documents that are 
> logically 
> > equivalent within an application context, but which vary in 
> physical 
> > representation based on syntactic changes permitted by XML 
> 1.0 [XML] 
> > and Namespaces in XML [Names]. This specification describes 
> a method 
> > for generating a physical representation, the canonical form, of an 
> > XML document that accounts for the permissible changes. Except for 
> > limitations regarding a few unusual cases, if two documents 
> have the 
> > same canonical form, then the two documents are logically 
> equivalent 
> > within the given application context. Note that two documents may 
> > have differing canonical forms yet still be equivalent in a given 
> > context based on application-specific equivalence rules for which 
> > no generalized XML specification could account.
> > 
> > Status
> > ------
> > This section describes the status of this document at the time 
> > of its publication. Other documents may supersede this document. 
> > A list of current W3C publications and the latest revision of this 
> > technical report can be found in the W3C technical reports index 
> > at http://www.w3.org/TR/.
> > 
> > This is a First Public Working Draft of Canonical XML 1.1. 
> > This diff-marked version is being made available for review 
> > by W3C members and the public. It is intended to give an 
> > indication of the W3C XML Core Working Group's intentions 
> > for this new version of Canonical XML and our progress in 
> > achieving them. It attempts to be complete in indicating 
> > what will change from version 1.0, but does not specify in 
> > all cases how things will change. A subsequent Last Call 
> > draft will consist of a regular, non-diff-marked version 
> > of this specification.
> > 
> > Please send comments on this Working Draft to 
> > www-xml-canonicalization-comments@w3.org (archive).
> > 
> > Publication as a Working Draft does not imply endorsement 
> by the W3C 
> > Membership. This is a draft document and may be updated, 
> replaced or 
> > obsoleted by other documents at any time. It is 
> inappropriate to cite 
> > this document as other than work in progress.
> > 
> > This document has been produced by the W3C XML Core Working 
> Group as 
> > part of the W3C XML Activity. The authors of this document are the 
> > members of the XML Core Working Group and invited experts from the 
> > Digital Signature community.
> > 
> > This document was produced by a group operating under the 
> > 5 February 2004 W3C Patent Policy. W3C maintains a public 
> > list of any patent disclosures made in connection with the 
> > deliverables of the group; that page also includes instructions 
> > for disclosing a patent. An individual who has actual knowledge 
> > of a patent which the individual believes contains Essential 
> > Claim(s) must disclose the information in accordance with 
> > section 6 of the W3C Patent Policy.
> > 
> > The English version of this specification is the only 
> normative version.
> > 
> > 
> > Paul Grosso for the XML Core WG
> > 
> > 
> 
> 
> 
> 
> 
>
Received on Monday, 18 September 2006 20:42:10 UTC