Minutes of 020204-tele.html (last week)

Christian just reminded me that I forgot to post the minutes from last 
week's teleconf. (I did link them from the WG page.)


  Chair: Joseph Reagle
  Note Taker: Joseph Reagle


     * Joseph Reagle, W3C
     * Donald Eastlake, Motorola
     * Mike Just, Entrust
     * Blair Dillaway, MS
     * Merlin Hughes, Baltimore
     * (egrets) Christian Geuer-Pollmann, Uni Siegen

Reviewing Previous Items

    1. Eastlake: tweak text.  Remove text saying a nonce prevents CBC IV
    2. Eastlake: DH: RFC2631 versus PKCS3
    3. Eastlake:Nonces and IVs: "It is unclear to me what "algorithm
       dependent length" is referring to in the second sentence. 
    6. Eastlake: add real life examples in section 5.5 to illustrate.
       Pending. (Still need that later example?)



    1. [7]Encrypting the IV: Do we encrypt the IV?
       Not enough consensus to include in spec, should be specified
       externally. (First as a seperate document, then maybe in the
       [8]Additional XML Security URIs?)
       Reagle: Is section 5.2 too constraining? I think there is some
       confusion about its interpration, but the intention isn't too
       preclude externally specified algorithms from processing the IV as
       they see fit. I could make a tweak to make this more clear. ACTION
       Eastlake: since Don has change control on section 5 he can review
       this text.
    2. [9]Password Derivation: Is Christian's understanding of what a
       password derivation is accurate? Do we still wish to not specify
       this ourselves?
       Same understanding as the encrypted IV, start off with it being
       externally specified.




    1. Reagle: Given our recent brush with performance issues with XPath,
       have folks played with the xmldsig-decryption-transorm? Merlin and
       Blair have played with it, didn't seem to encounter any problems
       at the time.
    2. Reagle: since we are entering CR we could say something about on
       Eastlake: wouldn't hurt to say we're interested in feedback about
    3. (Since folks are on the call: Reagle asks Merlin about [10]Boyer's
       message, Merlin will respond with some numbers.)
    4. Ok, when Don gives me the section 5 tweaks we'll be ready to
       advance out of CR. Targetted publication of this month.



Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Received on Tuesday, 12 February 2002 09:45:23 UTC