12:22:10 RRSAgent has joined #xmlsec
12:22:10 logging to http://www.w3.org/2007/05/29-xmlsec-irc
12:22:13 zakim, this will be xmlsec
12:22:13 ok, tlr; I see T&S_XMLSEC()9:00AM scheduled to start in 38 minutes
12:22:22 Meeting: XML Sec Spec Maint WG Weekly
12:22:24 Date: 2007-05-09
12:22:27 Date: 2007-05-29
12:22:30 s/09/29/
12:24:41 chair: Thomas
12:25:24 scribe: GilesHogben
12:25:41 Regrets: PhillipHallamBaker, FrederickHirsch
12:26:22 Regrets+ HalLockhart
12:29:56 Agenda: http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0045.html
12:39:24 klanz2 has joined #xmlsec
12:40:11 hi konrad
12:55:10 grw has joined #xmlsec
12:55:18 GilesHogben has joined #xmlsec
12:56:11 ScribeNick: GilesHogben
12:57:05 sean has joined #xmlsec
12:58:20 T&S_XMLSEC()9:00AM has now started
12:58:27 jcc has joined #xmlsec
12:58:28 + +30281039aaaa
12:58:32 +??P0
12:58:45 zakim, ? klanz2
12:58:45 I don't understand '? klanz2', klanz2
12:58:49 EdS has joined #xmlsec
12:59:02 zakim, ? is klanz2
12:59:02 +klanz2; got it
12:59:29 zakim, mute me
12:59:29 klanz2 should now be muted
12:59:39 + +1.613.726.aabb
12:59:57 + +1.650.380.aacc
13:00:03 Hi
13:00:13 zakim who is here
13:00:23 zakim, who is here
13:00:23 klanz2, you need to end that query with '?'
13:00:25 zakim, aacc is grw
13:00:25 +grw; got it
13:00:28 + +1.781.442.aadd
13:00:32 zakim, ?
13:00:32 I don't understand your question, klanz2.
13:00:54 + +1.443.695.aaee
13:00:56 zakim, who is here ?
13:00:56 On the phone I see +30281039aaaa, klanz2 (muted), +1.613.726.aabb, grw, +1.781.442.aadd, +1.443.695.aaee
13:00:58 On IRC I see EdS, jcc, sean, GilesHogben, grw, klanz2, RRSAgent, Zakim, tlr, trackbot-ng
13:01:31 zakim, call thomas-781
13:01:31 ok, tlr; the call is being made
13:01:33 +Thomas
13:01:38 zakim, drop thomas-781
13:01:38 sorry, tlr, I do not see a party named 'thomas-781'
13:01:42 - +1.443.695.aaee
13:01:43 zakim, drop thomas
13:01:43 Thomas is being disconnected
13:01:43 -Thomas
13:01:45 zakim, call thomas-skype
13:01:45 ok, tlr; the call is being made
13:01:47 +Thomas
13:01:53 zakim, unmute me
13:01:53 klanz2 should no longer be muted
13:01:57 zakim, who is on the phone?
13:01:57 On the phone I see +30281039aaaa, klanz2, +1.613.726.aabb, grw, +1.781.442.aadd, Thomas
13:02:21 + +1.443.695.aaff
13:02:22 zakim, aaaa is giles
13:02:22 +giles; got it
13:02:24 zakim, mute me
13:02:24 klanz2 should now be muted
13:02:30 zakim, aaff is RobMiller
13:02:30 +RobMiller; got it
13:02:44 zakim, aabb is EdSimon
13:02:44 +EdSimon; got it
13:02:58 zakim, 442 is SeanMullen
13:02:58 sorry, tlr, I do not recognize a party named '442'
13:03:04 zakim, aadd is SeanMullen
13:03:04 +SeanMullen; got it
13:03:26 +??P8
13:03:28 Topic: Administrivia: scribe confirmation, next meeting
13:03:35 zakim, ??P8 is JuanCarlosCruellas
13:03:35 +JuanCarlosCruellas; got it
13:04:07 Please identify yourselves :)
13:04:24 yse
13:04:26 yes
13:04:42 Next meeting: 5 June, Frederick to chair, Konrad to scribe
13:04:46 Konrad will scribe next meeting
13:04:49 welcome
13:04:53 Topic: Review and approval of last meeting's minutes
13:04:57 http://www.w3.org/2007/05/22-xmlsec-minutes
13:05:15 No objections to minutes
13:05:16 +R_Salz
13:05:17 RESOLUTION: minutes accepted
13:05:30 Topic: Action item review
13:06:00 zakim, unmute me
13:06:00 klanz2 should no longer be muted
13:06:03 gberezow has joined #xmlsec
13:06:09 Done - share transform that does not depend on input
13:06:14 zakim, mute me
13:06:14 klanz2 should now be muted
13:06:15 by Konrad
13:06:17 ACTION-6 done; discuss at future meeting
13:06:23 ACTION-26 continued
13:06:25 action 6 done - discuss at future mission
13:06:33 Topic: agenda bashing
13:07:16 add a brief excursion into C14N draft?
13:07:59 Topic: Workshop planning
13:08:00 + +1.416.646.aagg
13:08:07 zakim, aagg is gberezow
13:08:07 +gberezow; got it
13:08:15 ACTION-28 moot
13:08:44 ACTION-29 closed
13:08:44 Sorry... I don't know how to close ACTION yet
13:08:52 ACTION-30 closed
13:08:52 Sorry... I don't know how to close ACTION yet
13:08:57 http://www.w3.org/2007/xmlsec/ws/cfp.html
13:09:41 Call to be issued June 6 deadline for papers 14 Aug
13:09:57 IETF has meeting in last week of july - so good for propaganda
13:10:16 zakim, who is on the phone?
13:10:16 On the phone I see giles, klanz2 (muted), EdSimon, grw, SeanMullen, Thomas, RobMiller, JuanCarlosCruellas, R_Salz, gberezow
13:10:17 Review 2nd week of August
13:10:35 q+ giles, klanz2, EdSimon, grw, SeanMullen, RobMiller, JuanCarlosCruellas, gberezow
13:10:39 ack giles
13:11:01 Giles OK for PC work - 2nd HALF of Aug
13:11:12 ack edsimon
13:11:16 ack klanz2
13:11:20 Ed - should be OK but can't guarantee
13:11:33 Konrad - has time - position papers are from where?
13:12:17 TLR - should be within the group - there is some flexibility - you can write the posn paper early
13:12:38 2nd half of Aug to review the pp's we already got and to negotiate the agenda
13:12:44 ack grw
13:12:52 Greg Whitehead - Yes
13:12:56 ack sean
13:12:58 zakim, mute me
13:12:59 klanz2 should now be muted
13:13:01 ack rob
13:13:07 gberezow is ok with 2nd half august
13:13:10 Sean - OK
13:13:17 ack juanCarlos
13:13:26 Rob OK
13:13:35 JuanCarlos - Nope (Holidays)
13:13:41 q?
13:13:46 can work before
13:13:48 ack gberezow
13:14:11 TLR - critical mass for 2nd half Aug
13:14:29 pending availability of Frederick we should go for this schedule
13:14:54 accepted
13:14:58 timeline seems ok, approved pending availability of Frederick
13:15:15 ACTION-30 done
13:15:15 Action 30 closed
13:15:26 Topic: Current status of drafts: c14n issue with xml:base
13:16:08 http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0044.html
13:16:11 Konrad has sent a message to both wg's about xml-base
13:17:02 q+
13:17:08 ack klanz2
13:17:18 Who can review this issue for a discussion in next call
13:17:22 http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/att-0044/Apendix.html
13:17:25 Konrad - note appendix at bottom of message
13:17:39 to see Delta - appended some test-cases
13:17:49 above that is the correct version of the appendix
13:17:59 would like someone who is going to implement to see if he/she agrees
13:18:17 TLR - is that appendix actually normative in C14N 1.1?
13:18:37 Konrad - not sure but would guess it is if implementations are required to use the same canonical output
13:18:50 There is still some potential to elaborate on details.
13:19:03 TLR - Review before going into details
13:19:04 q+ r_salz, jcc, sean
13:19:07 ack klanz
13:19:09 ack r_salz
13:19:29 ACTION: salz to review Konrad's message re xml:base by next call
13:19:29 Created ACTION-35 - Review Konrad\'s message re xml:base by next call [on Rich Salz - due 2007-06-05].
13:19:29 ack sean
13:19:33 ack jcc
13:19:48 ACTION: juan carlos to review KonraD's message re xml:base by next call
13:19:48 Sorry, couldn't find user - juan
13:19:50 I'm taking a quick look at c14n 1.1 CR and do not see any indication Appendix A is not normative.
13:20:15 ACTION: cruellas to review KonraD's message re xml:base by next call
13:20:15 Created ACTION-36 - Review KonraD\'s message re xml:base by next call [on Juan Carlos Cruellas - due 2007-06-05].
13:20:35 ACTION: sean to review Konrad's message re xml:base by next call
13:20:35 Created ACTION-37 - Review Konrad\'s message re xml:base by next call [on Sean Mullan - due 2007-06-05].
13:20:50 action: ed to review Konrad's message re xml:base by next call
13:20:50 Created ACTION-38 - Review Konrad\'s message re xml:base by next call [on Ed Simon - due 2007-06-05].
13:20:57 substantive discussion deferred to next call
13:21:17 Topic: Current status of drafts: DSig Core
13:21:38 ACTION-33 closed
13:21:38 Sorry... I don't know how to close ACTION yet
13:21:40 4 proposed changes
13:22:07 ACTION-31, ACTION-32 closed
13:22:12 Action 31 on Juan C to propose a reference processing modelling summary
13:22:24 Sean to propose a different language for validator and generator part
13:22:28 http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0042.html
13:22:37 mostly done on ML. End of that thread see url above
13:22:50 proposed slightly different text for the note
13:23:04 is there any need for further discussion of this text
13:23:08 q+
13:23:12 ack klanz
13:23:15 or do we adopt the editor's draft accordingly
13:23:25 Konrad - do we get a new version of the redline doc?
13:23:54 A search on the word "normative" in c14n 1.1 CR reveals only 1 instance -- that saying only the English version is normative. So it would appear the whole c14n 1.1 CR document, including the appendix, is normative.
13:23:55 TLR: Will send around the editor's draft
13:24:02 have people looked at the text?
13:24:25 would people prefer to see the editor's draft
13:25:13 JC - agree with changes
13:25:19 juan carlos: fine
13:25:23 sean: looks fine
13:25:31 I looked at the text changes and they look fine to me.
13:25:34 ACTION: thomas to update editor's draft according to http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0042.html
13:25:34 Created ACTION-39 - Update editor\'s draft according to http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0042.html [on Thomas Roessler - due 2007-06-05].
13:25:55 ACTION-19 closed
13:25:55 Sorry... I don't know how to close ACTION yet
13:26:00 http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0041.html
13:26:08 q+
13:26:12 ack klanz
13:26:50 Konrad: had a look at Gregor's message and proposed new text for bullets in section 2.
13:27:14 please copy to chat
13:27:18 please copy to chat
13:27:23 http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0041.html
13:27:46 I just try to be precise where DNames appear or not
13:27:56 2.
13:27:57 * The |X509IssuerSerial| element, which contains an X.509
13:27:57 issuer distinguished name/serial number pair. The X.509
13:27:57 issuer distinguished name SHOULD be compliant with the DNAME
13:27:57 encoding rules at the end of this section and the serial
13:27:57 number is represented as a decimal integer,
13:27:59 * The |X509SubjectName| element, which contains an X.509
13:28:01 subject distinguished name that SHOULD be compliant with the
13:28:03 DNAME encoding rules at the end of this section,
13:28:46 Konrad - concerned about & and opening tag bracket but as discussed with Thomas, this can be handled by saying it is text to be added
13:28:52 -klanz2
13:28:57 Should it be done in CDATA section or by escaping?
13:29:04 sorry lost the call
13:29:12 we're waiting for you, please dial in again
13:29:17 zakim, code?
13:29:17 the conference code is 965732 (tel:+1.617.761.6200 tel:+33.4.89.06.34.99 tel:+44.117.370.6152), tlr
13:29:18 one sec
13:29:55 konrad, what's going on?
13:30:11 problem with voip client, using phone
13:30:11 should I skype you into the call?
13:30:16 ok
13:30:18 yes please
13:30:35 shoot, doesn't work
13:30:36 sorry
13:30:40 please try trad phone
13:31:02 works now
13:31:10 no, doesn't work on my side
13:31:39 http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0041.html
13:32:45 Topic: Decryption Transform
13:32:50 http://www.w3.org/2007/xmlsec/Drafts/xmlenc-decrypt.html
13:33:04 Frederick has done some basic edits
13:33:08 http://www.w3.org/2007/xmlsec/Drafts/xmlenc-decrypt.html#sec-xml-processing
13:33:14 first set of edits in processing rules section
13:33:48 there is a definition of decrypt XML and second subpoint of second step deals with inheritance
13:33:48 +??P0
13:33:50 zakim, ? is klanz2
13:33:50 +klanz2; got it
13:34:00 go ahead
13:34:05 sure
13:34:06 please paste into IRC (proposed change)
13:34:17 If a node-set is replacing an element from N whose parent element is not in N, then its apex elements MUST inherit xml:lang and xml:space attributes associated with the XML namespace from the parent element, such as [XML-C14N11]. The xml:base, xml:lang and xml:space attribute from the XML namespace MUST be processed as specified in Canonical XML 1.
13:36:38 Decrypt algorithm in sec 3.1 - main proposed change to replace explicit mention of certain specific attributes according to C14N 1.1
13:37:32 "As a result, D for N is a node-set consisting ..."
13:37:46 In 3.3, below examples is an editorial change to fix erratum 1.
13:38:04 zakim, who is making noise?
13:38:18 tlr, listening for 12 seconds I could not identify any sounds
13:38:54 In 3.4.2, inheriting attributes - ref to C14N - any comments?
13:39:23 q+
13:39:30 ack klanz2
13:39:33 TLR - propose that at next meeting we propose this draft become last call
13:39:38 http://lists.w3.org/Archives/Public/xml-encryption/2005Mar/0000.html
13:40:01 http://lists.w3.org/Archives/Public/xml-encryption/2005Mar/0001.html
13:40:04 Konrad: is this the guy who actually found the problem (see URL) - could we get back to him with some feedback
13:40:12 on how we fixed it
13:40:54 TLR : yes good idea
13:41:01 ACTION: klanz2 to contact CAO Yongsheng confirming treatment of E1 in Decryption Transform
13:41:01 Created ACTION-40 - Contact CAO Yongsheng confirming treatment of E1 in Decryption Transform [on Konrad Lanz - due 2007-06-05].
13:41:15 zakim, mute jcc
13:41:15 sorry, tlr, I do not know which phone connection belongs to jcc
13:41:19 zakim, mute juancarlos
13:41:19 JuanCarlosCruellas should now be muted
13:41:52 TLR - no comments and no objections to Frederick's changes on Decrypt transform
13:42:17 propose we issue this version with updated namespace URI's
13:42:27 as LC WD at next meeting
13:42:46 if anyone wants to raise review comments, do so next week
13:42:49 topic: signature encore
13:42:56 q+
13:43:00 ack klanz2
13:43:03 ack klanz
13:43:13 http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007May/0041.html
13:43:52 1st bullet step 2 - is basically done
13:44:01 inside the X509 issuer there is a serial
13:44:11 there are 2 values inside - one the DName, the other the SNumber
13:44:20 the previous text was not very concise about this
13:44:31 q+
13:44:36 but only the DName is affected - just clarified what was affected
13:44:51 next message was the test case - a challenging DName
13:44:53 ack sean
13:45:19 Sean - 1st bullet of second - second sentence is a runon - would just say "
13:45:31 "section and the" -> "section. The"
13:45:43 OK
13:46:04 "The X.509 issuer distinguished name SHOULD be compliant with the DNAME encoding rules at the end of this section. The serial number is represented as a decimal integer."
13:46:18 ack klanz
13:46:46 konrad: The test case - tried to get all escapable chars in and RFC 2253 compliant
13:46:58 paste into XML problem with &
13:47:13 maybe we need to make explicit the need to escape &
13:47:25 give guidance on whether to escape or put into CDATA
13:47:47 as long as people don't touch it until verification it won't affect a lot
13:48:00 in many cases the keyinfo is not signed but in some cases it is
13:48:08 not sure if it's really a problem
13:48:11 q+
13:48:46 Konrad - you can identify the key either by supplying it as a cert
13:49:05 q+
13:49:16 just needs to be identified , and can also be signed to ensure non-substitution
13:49:52 when you're identifying it you have to do it in CDATA - otherwise you break the XML
13:50:01 ack sean
13:50:14 Sean: I'll take an action to look at what our implementation does
13:50:22 ACTION: sean to check his implementation wrt DNAME erratum
13:50:22 Created ACTION-41 - Check his implementation wrt DNAME erratum [on Sean Mullan - due 2007-06-05].
13:50:57 TLR - worth having a look at testcase
13:50:58 ack jcc
13:51:03 zakim, unmute juancarlos
13:51:03 JuanCarlosCruellas should no longer be muted
13:51:37 JC: Looks like there was a common view that the text of the Dname should be put in a CDATA section
13:51:54 but reading the text, it clearly speaks about escaping & and "-"
13:52:00 q+
13:52:19 i.e. the text is saying to escape it in the XML - not in CDATA
13:52:57 values may be used for comparing values of DName by other apps - like Xades [?]
13:53:17 In order to check if the cert used for generating the sig is the one referenced
13:53:29 you have to check the one used with the DName string
13:53:38 so it may break an app
13:54:06 Also, strings in DNames (X509IssuerSerial,X509SubjectName, and KeyName if appropriate) should be encoded as follows:
13:54:40 TLR: this is not an encoding which deals with making it XML Safe - it's to do with backslash character
13:54:44 q+
13:54:59 so can't see in rec text that there is entity encoding explicitly
13:55:02 ack klanz2
13:55:07 ack klanz
13:55:15 Konrad: also has same perception as JC
13:55:29 a lot of people seem to interpret it that way
13:55:45 in a lot of cases where encoding of entities is needed, it's done rather than being put into CDATA section
13:55:59 the spec is silent about what should happen
13:56:11 TLR: isn't that silence the right thing
13:56:17 q
13:56:20 q+
13:56:53 Ed: Silence is not the right thing
13:56:56 q+
13:57:47 Suggest we continue the discussion on /2007May/0041.html next week so we can think about this more over the week.
13:57:47 ack giles
13:57:54 ack klanz
13:57:55 +1 to ed
13:58:10 Konrad - silence would be good if it would canonicalize
13:58:17 btw, I (Ed) was not the one saying "Silence is not the right thing"
13:58:28 but don't see how strings in XML are to be canonicalised if signed
13:58:42 rather have it robust than lose canonicalisation
13:58:55 s/Ed: Silen/Sean: Silen/
13:59:27 TLR: There is a canonicalisation step before things are signed and hashed
14:00:02 Action is on JC and Konrad to come up with an example where the current silence can break an app
14:00:17 ACTION: cruellas to produce example for breakage due to current E01 language
14:00:17 Created ACTION-42 - Produce example for breakage due to current E01 language [on Juan Carlos Cruellas - due 2007-06-05].
14:00:18 JC: agrees
14:00:33 ACTION: klanz to produce example for breakage due to current E01 language
14:00:33 Sorry, couldn't find user - klanz
14:00:38 Konrad: agres
14:00:40 agrees
14:01:21 http://www.w3.org/TR/xml-c14n11/ (section 1.1 says CDATA sections are replaced with their character content)
14:01:30 -grw
14:01:34 -gberezow
14:01:36 -SeanMullen
14:01:36 -R_Salz
14:01:38 -RobMiller
14:01:40 -JuanCarlosCruellas
14:01:40 zakim, list participant
14:01:41 I don't understand 'list participant', tlr
14:01:44 -EdSimon
14:01:45 zakim, list participants
14:01:46 As of this point the attendees have been +30281039aaaa, klanz2, +1.613.726.aabb, +1.650.380.aacc, grw, +1.781.442.aadd, +1.443.695.aaee, Thomas, +1.443.695.aaff, giles, RobMiller,
14:01:49 ... EdSimon, SeanMullen, JuanCarlosCruellas, R_Salz, +1.416.646.aagg, gberezow
14:01:52 rrsagent, make this record public
14:01:57 rragent, please draft minutes
14:02:15 can I listen in
14:02:27 rrsagent, draft minutes
14:02:27 I have made the request to generate http://www.w3.org/2007/05/29-xmlsec-minutes.html tlr
14:02:28 as I'll scribe next time
14:04:06 zakim, unmute me
14:04:06 klanz2 was not muted, klanz2
14:04:47 -giles
14:04:57 jcc has left #xmlsec
14:12:53 exit
14:12:59 -Thomas
14:13:03 -klanz2
14:13:04 T&S_XMLSEC()9:00AM has ended
14:13:06 Attendees were +30281039aaaa, klanz2, +1.613.726.aabb, +1.650.380.aacc, grw, +1.781.442.aadd, +1.443.695.aaee, Thomas, +1.443.695.aaff, giles, RobMiller, EdSimon, SeanMullen,
14:13:08 ... JuanCarlosCruellas, R_Salz, +1.416.646.aagg, gberezow
14:13:31 zakim, who is on the phone
14:13:31 I don't understand 'who is on the phone', klanz2
14:13:39 zakim, who is on the phone ?
14:13:39 apparently T&S_XMLSEC()9:00AM has ended, klanz2
14:13:40 On IRC I see GilesHogben, klanz2, RRSAgent, Zakim, tlr, trackbot-ng
16:29:24 Zakim has left #xmlsec