- From: Bugbee, Larry <larry.bugbee@boeing.com>
- Date: Mon, 18 Sep 2006 13:48:36 -0700
- To: "Anders Rundgren" <anders.rundgren@telia.com>, "Thomas Roessler" <tlr@w3.org>, <w3c-ietf-xmldsig@w3.org>
Also of note, and not XML Sig per se, but during a test over the weekend.... It seems X.509 certs signed with ECDSA are hashed with SHA-1 even if stronger curves are used? I need to verify this, but it will be a few days before I can get back to it. Larry > -----Original Message----- > From: Anders Rundgren [mailto:anders.rundgren@telia.com] > Sent: Monday, September 18, 2006 1:42 PM > To: Bugbee, Larry; Thomas Roessler; w3c-ietf-xmldsig@w3.org > Subject: Re: Future work on XML Signature > > I have seen RFC 4050: > > "This memo provides information for the Internet community. It does > not specify an Internet standard of any kind" > > I also lack a published example of an ECDSA signature and > test vectors. > Since ECC is little known there is much to do in order to > make ECDSA useful. > > Anders > > ----- Original Message ----- > From: "Bugbee, Larry" <larry.bugbee@boeing.com> > To: "Anders Rundgren" <anders.rundgren@telia.com>; "Thomas > Roessler" <tlr@w3.org>; <w3c-ietf-xmldsig@w3.org> > Sent: Monday, September 18, 2006 22:21 > Subject: RE: Future work on XML Signature > > > > Have you seen RFC 4050 and 4051? > > Larry > > > > -----Original Message----- > > From: Anders Rundgren [mailto:anders.rundgren@telia.com] > > Sent: Monday, September 18, 2006 12:50 PM > > To: Thomas Roessler; w3c-ietf-xmldsig@w3.org > > Subject: Re: Future work on XML Signature > > > > > > Thomas, > > > > It seems that ECDSA still lacks a formal inclusion in the XML > > Signature package. > > > > BTW, the XML Signature application for Internet browsers I > > have mentioned earlier is now in 1.0 state: > > http://webpki.org/WASP-tutorial.pdf > > > > regards > > Anders Rundgren > > > > ----- Original Message ----- > > From: "Thomas Roessler" <tlr@w3.org> > > To: <w3c-ietf-xmldsig@w3.org> > > Sent: Monday, September 18, 2006 18:31 > > Subject: Future work on XML Signature > > > > > > > > Hello, > > > > for your information, we're working on a charter for a W3C Working > > Group that would have the task to specifically sort out the xml:id > > mess in XML Signature (by making C14N 1.1 the mandatory to implement > > algorithm, and essentially making the changes described in the > > dsig-usage note), and to fix the Decryption transform for XML > > Signature by making similar changes. > > > > The expectation is that this charter would limit the > > conformance-affecting changes that the group can make to those that > > are demonstrated to be necessary to sort out the immediate problem. > > > > To make the work less dull, the group will also have the mandate to > > write a draft charter for broader follow-up work, and to identify > > issues that need to be addressed. > > > > We intend to have the version of XML Signature and Processing that > > this group would produce submitted to the IETF for publication as an > > RFC; the mechanics of that are presently being discussed. > > > > Feed-back on the overall approach would be most welcome. > > > > Regards, > > -- > > Thomas Roessler, W3C <tlr@w3.org> > > > > > > > > > > > > > > On 2006-09-15 18:28:09 +0200, Jose Kahan wrote: > > > From: Jose Kahan <jose.kahan@w3.org> > > > To: w3c-ietf-xmldsig@w3.org > > > Date: Fri, 15 Sep 2006 18:28:09 +0200 > > > Subject: [FYI] Transition announcement: First Public > > Working Draft of > > > C14N 1.1 and two WG Notes > > > Reply-To: jose.kahan@w3.org > > > List-Id: <w3c-ietf-xmldsig.w3.org> > > > X-Spam-Level: > > > X-Archived-At: > > > > http://www.w3.org/mid/20060915162809.GF29096@rakahanga.inrialpes.fr > > > > > > FYI. > > > > > > All feedback is welcome at the mailing lists that are > given in those > > > documents. > > > > > > Thanks! > > > > > > -jose > > > > > From: "Grosso, Paul" <pgrosso@ptc.com> > > > To: chairs@w3.org, w3t-comm@w3.org > > > Cc: public-xml-core-wg@w3.org > > > Date: Fri, 15 Sep 2006 12:14:04 -0400 > > > Subject: Transition announcement: First Public Working > > Draft of C14N 1.1 > > > and two WG Notes > > > List-Id: <public-xml-core-wg.w3.org> > > > X-Archived-At: > > > > > http://www.w3.org/mid/CF83BAA719FD2C439D25CBB1C9D1D30204ABFCD3 > > @HQ-MAIL4.ptcnet.ptc.com > > > > > > > > > > > > The XML Core WG announces the initial publication of > > > the following three C14N related documents and welcomes > > > review from all interested parties: > > > > > > Known Issues with Canonical XML 1.0 (C14N/1.0) > > > W3C Working Draft 15 September 2006 > > > > > > This version: > > > http://www.w3.org/TR/2006/WD-C14N-issues-20060915/ > > > Latest version: > > > http://www.w3.org/TR/C14N-issues/ > > > > > > [This will become a WG Note.] > > > --- > > > > > > Using XML Digital Signatures in the 2006 XML Environment > > > W3C Working Draft 15 September 2006 > > > > > > This version: > > > http://www.w3.org/TR/2006/WD-DSig-usage-20060915/ > > > Latest version: > > > http://www.w3.org/TR/DSig-usage/ > > > > > > [This will become a WG Note.] > > > > > > --- > > > > > > Canonical XML1.1 > > > W3C Working Draft 15 September 2006 > > > > > > This version: > > > http://www.w3.org/TR/2006/WD-xml-c14n11-20060915 > > > Latest version: > > > http://www.w3.org/TR/xml-c14n11 > > > > > > [This is a Recommendation-track specification.] > > > > > > ========================================================== > > > > > > The document abstracts and status sections are as follows: > > > > > > WG Note: Known Issues with Canonical XML 1.0 (C14N/1.0) > > > ------------------------------------------------------- > > > > > > Abstract > > > -------- > > > This technical note addresses some of the issues related > > > to inheritance of the XML attributes xml:base and xml:id > > > and the W3C Recommendation for Canonical XML Version 1.0 > > > [C14N10] (Errata). Shortcomings of C14N/1.0 are noted out > > > and the use of a new C14N/1.1 recommendation with the XML > > > Digital Signature 1.0 Recommendation [XMLDSIG] is discussed. > > > > > > Status > > > ------ > > > This section describes the status of this document at the > > > time of its publication. Other documents may supersede this > > > document. A list of current W3C publications and the latest > > > revision of this technical report can be found in the W3C > > > technical reports index at http://www.w3.org/TR/. > > > > > > This is the W3C First Public Working Draft of "Known Issues > > > with Canonical XML 1.0 (C14N/1.0)", produced by the XML Core > > > Working Group, as part of the XML Activity. A companion note, > > > "XML Digital Signatures in the 2006 XML Environment" > [XMLDSIG2006], > > > describes in further detail how a revised canonicalization > > > algorithm (C14N/1.1 or other) may be used with the current > > > XML-SIG/1.0 Specification. > > > > > > Once all the comments about this document will have been > > > addressed, the Working Group intends to publish a final > > > version of this document as a W3C Working Group Note. > > > > > > Please send comments related to this document to > > > www-xml-canonicalization-comments@w3.org (public archive). > > > > > > Publication as a Working Draft does not imply endorsement > > > by the W3C Membership. This is a draft document and may be > > > updated, replaced or obsoleted by other documents at any > > > time. It is inappropriate to cite this document as other > > > than work in progress. > > > > > > This document was produced by a group operating under the > > > 5 February 2004 W3C Patent Policy. This document is informative > > > only. W3C maintains a public list of any patent disclosures > > > made in connection with the deliverables of the group; that > > > page also includes instructions for disclosing a patent. An > > > individual who has actual knowledge of a patent which the > > > individual believes contains Essential Claim(s) must disclose > > > the information in accordance with section 6 of the W3C > > Patent Policy. > > > > > > WG Note: Using XML Digital Signatures in the 2006 XML Environment > > > ----------------------------------------------------------------- > > > > > > Abstract > > > -------- > > > This technical note describes how to use the XML Digital > > > Signature Recommendation [XMLDSIG] in a way consistent with > > > the present (fall 2006) XML environment. In particular, this > > > note takes into account the recent xml:id Version 1.0 [XMLID] > > > and Canonical XML Version 1.1 [C14N11] Recommendations. > > > > > > This note suggests constraints on the use of XML Signature, > > > and relies on extension points present in the XML Digital > > > Signature Recommendation. This note does not override any > > > aspect of that Recommendation. > > > > > > Status > > > ------ > > > This section describes the status of this document at the time > > > of its publication. Other documents may supersede this document. > > > A list of current W3C publications and the latest > revision of this > > > technical report can be found in the W3C technical reports index > > > at http://www.w3.org/TR/. > > > > > > This is the W3C First Public Working Draft of "XML Signatures in > > > the 2006 XML Environment", produced by the XML Core > Working Group, > > > as part of the XML Activity. A companion note, "Known Issues with > > > Canonical XML 1.0 (C14N/1.0)" [C14NNOTE], discusses in > detail some > > > of the issues related to the inheritance of certain XML > attributes > > > and the Canonical XML Recommendation 1.0 [C14N10]. > > > > > > Once all the comments about this document will have been > addressed, > > > the Working Group intends to publish a final version of > > this document > > > as a W3C Working Group Note. > > > > > > Please send comments related to this document to > > > www-xml-canonicalization-comments@w3.org (public archive). > > > > > > Publication as a Working Draft does not imply endorsement by the > > > W3C Membership. This is a draft document and may be > > updated, replaced > > > or obsoleted by other documents at any time. It is > inappropriate to > > > cite this document as other than work in progress. > > > > > > This document was produced by a group operating under the > > > 5 February 2004 W3C Patent Policy. This document is > > informative only. > > > W3C maintains a public list of any patent disclosures made > > in connection > > > with the deliverables of the group; that page also includes > > instructions > > > for disclosing a patent. An individual who has actual > > knowledge of a > > > patent which the individual believes contains Essential > > Claim(s) must > > > disclose the information in accordance with section 6 of > > the W3C Patent > > > Policy. > > > > > > > > > First WD: Canonical XML 1.1 > > > --------------------------- > > > > > > Abstract > > > -------- > > > Canonical XML 1.1 is a revision to Canonical XML 1.0 to address > > > issues raised while producing the xml:id specification. > > > > > > Any XML document is part of a set of XML documents that are > > logically > > > equivalent within an application context, but which vary in > > physical > > > representation based on syntactic changes permitted by XML > > 1.0 [XML] > > > and Namespaces in XML [Names]. This specification describes > > a method > > > for generating a physical representation, the canonical > form, of an > > > XML document that accounts for the permissible changes. > Except for > > > limitations regarding a few unusual cases, if two documents > > have the > > > same canonical form, then the two documents are logically > > equivalent > > > within the given application context. Note that two documents may > > > have differing canonical forms yet still be equivalent in a given > > > context based on application-specific equivalence rules for which > > > no generalized XML specification could account. > > > > > > Status > > > ------ > > > This section describes the status of this document at the time > > > of its publication. Other documents may supersede this document. > > > A list of current W3C publications and the latest > revision of this > > > technical report can be found in the W3C technical reports index > > > at http://www.w3.org/TR/. > > > > > > This is a First Public Working Draft of Canonical XML 1.1. > > > This diff-marked version is being made available for review > > > by W3C members and the public. It is intended to give an > > > indication of the W3C XML Core Working Group's intentions > > > for this new version of Canonical XML and our progress in > > > achieving them. It attempts to be complete in indicating > > > what will change from version 1.0, but does not specify in > > > all cases how things will change. A subsequent Last Call > > > draft will consist of a regular, non-diff-marked version > > > of this specification. > > > > > > Please send comments on this Working Draft to > > > www-xml-canonicalization-comments@w3.org (archive). > > > > > > Publication as a Working Draft does not imply endorsement > > by the W3C > > > Membership. This is a draft document and may be updated, > > replaced or > > > obsoleted by other documents at any time. It is > > inappropriate to cite > > > this document as other than work in progress. > > > > > > This document has been produced by the W3C XML Core Working > > Group as > > > part of the W3C XML Activity. The authors of this > document are the > > > members of the XML Core Working Group and invited experts > from the > > > Digital Signature community. > > > > > > This document was produced by a group operating under the > > > 5 February 2004 W3C Patent Policy. W3C maintains a public > > > list of any patent disclosures made in connection with the > > > deliverables of the group; that page also includes instructions > > > for disclosing a patent. An individual who has actual knowledge > > > of a patent which the individual believes contains Essential > > > Claim(s) must disclose the information in accordance with > > > section 6 of the W3C Patent Policy. > > > > > > The English version of this specification is the only > > normative version. > > > > > > > > > Paul Grosso for the XML Core WG > > > > > > > > > > > > > > > > > > > > > >
Received on Monday, 18 September 2006 20:49:07 UTC