HW Support and XML Encryption Requirements

The requirements document should include:


4.0 The encryption and XML processing should be 
    -
    - 
    - support the use of hardware implementation of the encryption processing


Hardware considerations introduce design considerations that impact the
syntax.  For example, the current draft proposal places cryptographic
initialization information early in the header:

<xenc:EncryptedData xmlns:xenc='http://www.w3.org/2000/11/temp-xmlenc'>
  <xenc:EncryptionMethod xenc:Algorithm="urn:nist-gov:tripledes-ede-cbc">
    <s0:IV xmlns:s0='http://somens'>ABCD</s0:IV>
    .... etc ....

It is "best" to have hardware directly support the creation of the
initialization information required for encryption transforms (IV).
Ideally, the IV should be directly in front of the cipher text to support
the tight integration of the generation of the IV with the cryptographic
process.  

I've always been an advocate of bundling the transforms to include the
algorithm, block mode, IV (length and format) and padding.  It is unfortunate
that our modular cryptographic standards do not directly specify a complete
and secure transformation. But, that's a longer discussion ...


Paul
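
The layout argued for above, as an added example that is not part of the original message or of any draft: the header is written without an IV, and a modelled engine draws the IV itself and streams IV || ciphertext into the encrypted payload. Assumptions: the `xenc:CipherText` element name is hypothetical, the key is constructed, and the block function is a toy Feistel stand-in for Triple DES so the sketch runs with the standard library only.

```python
import base64, hashlib, os

BLOCK = 8  # 64-bit block size, as Triple DES uses

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _block(key, blk, decrypt=False):
    # Toy 8-round Feistel permutation: a stand-in for the cipher core, NOT Triple DES.
    l, r = blk[:4], blk[4:]
    for i in (range(7, -1, -1) if decrypt else range(8)):
        l, r = r, _xor(l, hashlib.sha256(key + bytes([i]) + r).digest()[:4])
    return r + l

def engine_encrypt(key, plaintext, rng=os.urandom):
    """Model of the hardware engine: it draws the IV itself and streams IV || ciphertext."""
    pad = BLOCK - len(plaintext) % BLOCK
    data = plaintext + bytes([pad]) * pad
    prev = rng(BLOCK)
    yield prev                                   # the IV leaves the engine first
    for i in range(0, len(data), BLOCK):
        prev = _block(key, _xor(data[i:i + BLOCK], prev))   # CBC chaining
        yield prev

def engine_decrypt(key, stream):
    if len(stream) < 2 * BLOCK or len(stream) % BLOCK:
        raise ValueError("need IV plus at least one whole cipher block")
    prev, out = stream[:BLOCK], b""
    for i in range(BLOCK, len(stream), BLOCK):
        out += _xor(_block(key, stream[i:i + BLOCK], decrypt=True), prev)
        prev = stream[i:i + BLOCK]
    pad = out[-1]
    if not 1 <= pad <= BLOCK or out[-pad:] != bytes([pad]) * pad:
        raise ValueError("bad padding")
    return out[:-pad]

HEADER = ("<xenc:EncryptedData xmlns:xenc='http://www.w3.org/2000/11/temp-xmlenc'>"
          '<xenc:EncryptionMethod xenc:Algorithm="urn:nist-gov:tripledes-ede-cbc"/>')
OPEN, CLOSE = "<xenc:CipherText>", "</xenc:CipherText>"  # hypothetical element name

def wrap(key, plaintext, rng=os.urandom):
    body = base64.b64encode(b"".join(engine_encrypt(key, plaintext, rng))).decode()
    return HEADER + OPEN + body + CLOSE + "</xenc:EncryptedData>"  # header held no IV

def payload(doc):
    return base64.b64decode(doc.split(OPEN)[1].split(CLOSE)[0])

def unwrap(key, doc):
    return engine_decrypt(key, payload(doc))
```

Because the serializer never handles the IV, the header can be emitted before the engine starts, and the receiver recovers the IV by taking the first block of the decoded payload.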


-----Original Message-----
From: Joseph M. Reagle Jr. [mailto:reagle@w3.org]
Sent: Friday, February 16, 2001 1:25 PM
To: XML Encryption WG 
Subject: XML Encryption FTF Registrants and meta-agenda


[This email is addressed both to individual registrants (bcc) and to the 
encryption list.]

REGISTRATION

Registration closed yesterday, see bottom of email for registered 
participants and observers. There's a couple of people missing to my mind. 
If you plan to attend please let me know you are still trying to 
register, which I hear was reopened and extended until Sunday.

SIZE/INTERACTIVITY

As this is early in the Working Group (WG) life cycle, in fact it's the first 
formal meeting, I'd like the meeting to be closer to interactive (on the 
difficult issues, people scribbling on white-boards and design/break-out 
groups then returning to the larger group with a proposal/closure) than to 
long presentations before a big audience. However, given this is happening 
in the context of the W3C Plenary it appears we have about 15 WG 
participants and 20 observers -- a few of which I consider participants 
given their previous activity. That's a pretty big group of people. So while 
I haven't completely formulated an observer policy (it'll depend on the room 
really) I'm still going to be shooting for interactivity between those that 
are informed and have been active in previous workshop/BoFs and on this 
list.

META-AGENDA

The goal of this meeting is to get closure on open issues, all of which I 
hope are captured in the requirements document [1]. These issues are 
captured from the list and proposals ([2], being the latest). Please be very 
familiar with both of these documents. This should then be reflected in 
an ASAP publication of a Requirements Working Draft (WD), and a subsequent 
specification WD.

[1] http://www.w3.org/Encryption/2001/01/23-xml-encryption-req.html
[2] http://lists.w3.org/Archives/Public/xml-encryption/2000Dec/att-0024/01-XMLEncryption_v01.html

My very rough agenda follows, a better version of this will follow next 
week. Presently, I'm talking too much so I'm going to be looking for folks 
to volunteer to present issues and maybe lead a brain-storming session. 
Also, volunteers for minutes are solicited: 3 note takers for 2 hour chunks.

Also, any suggestions/comments are welcome.

Morning
8:30: Snacks?
9:00-10:00 Introduction, History, Charter (deliverables, scope, IPR). Joseph Reagle.
10:00-10:30 Requirements / Easy Issues. Joseph Reagle
10:30-10:45 Break
10:45-11:45 Overview of latest proposal [2]. ?Volunteer?
12:00-1:00 Intro to more difficult issues.
    1. Attribute Encryption and Arbitrary External Data. Ed Simon
    2. Signing and Encryption. ?Volunteer?
    3. Transform feature (if any) and Algorithm support. ?Volunteer?
    4. Syntax (e.g. a few of the Open Issues in [2]). ?Joseph Reagle?
1:00-2:00 Lunch
2:00-3:00 Refocus Hard Issues.
3:00-3:00 Break out if necessary (Can get a cookie too.)
4:00-5:00 Identify what has been agreed to, and propose methods of closing 
others (someone document alternatives, makes new proposal, discussed in 
teleconference, go with X and ask for wider review, etc.)
5:00-5:30 Closing: Review action items, scheduling teleconferences, and next 
meeting.


__

Register WG Participants

Aaron J. 	Ferguson	PricewaterhouseCoopers
Shivaram	Mysore	Sun Microsystems Inc
Raghavan	Srinivas	Sun Microsystems
Michael	Doberenz	Siemens AG
Mark	Nobles	Logistics Management Institute
Frederick	Hirsch	Zolera Systems
Gilbert	Pilz	Jamcracker, Inc.
Blair	Dillaway	Microsoft Corp.
Steve	Wiley	MyProof
Ed	Simon	Entrust Technologies
Warwick	Ford	VeriSign, Inc.
Thane	Plambeck	VeriSign
Joseph	Reagle	W3C
John	Messing	LegalXML.org
Daniel	Toth	Ford Motor Co.


Register Observers

Daniela	Florescu	Crossgain
Stephen	Purpura	Microsoft Corporation
Eric E.	Cohen	PricewaterhouseCoopers LLP
Randy	Hall	Intel
Yongge	Wang	Certicom Corp.
Ralph R.	Swick	W3C/MIT
Mike	Dean	BBN Technologies / Verizon
Graham	Klyne	Baltimore Technologies
Martin	Dürst	W3C
Karl	Dubost	W3C
Eric	Prud'hommeaux	W3C
Libby	Miller	ILRT, University of Bristol
Allen	Brown	Microsoft Corporation
marie-claire	forgue	W3C
Jason	Rouault	Hewlett-Packard
Rigo	Wenning	W3C
Tom	Butcher	OpenDesign, Inc.
Richard	Brooks	Group 8760 (ebXML liaison to W3C)
Aaron	Swartz	Info Network
John	Linn	RSA Laboratories

__
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Received on Friday, 16 February 2001 17:49:01 UTC