IRC log of xmlsec on 2007-06-12

Timestamps are in UTC.

12:40:08 [RRSAgent]
RRSAgent has joined #xmlsec
12:40:08 [RRSAgent]
logging to
12:40:16 [klanz2]
klanz2 has joined #xmlsec
12:41:05 [klanz2]
Hello, we are starting in 20 mins right ...
12:41:11 [tlr]
12:42:22 [fjh]
fjh has joined #xmlsec
12:42:54 [rdmiller]
rdmiller has joined #xmlsec
12:44:54 [fjh]
Zakim, this will be XMLSEC
12:44:54 [Zakim]
ok, fjh; I see T&S_XMLSEC()9:00AM scheduled to start in 16 minutes
12:45:17 [fjh]
Meeting: XML Security Specifications Maintenance WG Conference Call
12:45:26 [fjh]
Chair: Frederick Hirsch
12:45:44 [fjh]
Scribe: Donald Eastlake
12:46:16 [fjh]
12:46:32 [fjh]
RRSAgent, make log public
12:49:22 [PHB]
PHB has joined #xmlsec
12:52:08 [grw]
grw has joined #xmlsec
12:52:18 [Zakim]
T&S_XMLSEC()9:00AM has now started
12:52:25 [Zakim]
12:53:56 [Sean]
Sean has joined #xmlsec
12:56:04 [PHB]
The power of reference - traffic on my blog up by 2,000 hits in past hour after link from a big blog
12:56:15 [tlr]
who linked to you?
12:56:29 [fjh]
what is the URI for your blog? :)
12:56:29 [PHB]
Talking Points Memo,
12:56:39 [PHB]
12:57:12 [deastl]
deastl has joined #xmlsec
12:57:24 [tlr]
ScribeNick: deastl
12:58:06 [Zakim]
+ +aaaa
12:58:32 [tlr]
zakim, call thomas-781
12:58:32 [Zakim]
ok, tlr; the call is being made
12:58:33 [Zakim]
12:58:54 [tlr]
zakim, aaaa is deastl
12:58:54 [Zakim]
+deastl; got it
12:58:56 [jcc]
jcc has joined #xmlsec
12:59:05 [fjh]
zakim, who is on the call?
12:59:05 [Zakim]
On the phone I see Frederick_Hirsch, deastl, Thomas
12:59:40 [tlr]
zakim, I am thomas
12:59:40 [Zakim]
ok, tlr, I now associate you with Thomas
12:59:45 [Zakim]
13:00:05 [Zakim]
13:01:00 [tlr]
phb, re your blog item: 10 person-years are dirt cheap, you just need to recruit them in the right places, or with the right incentives.
13:01:25 [fjh]
13:01:31 [tlr]
in a TV report about labor in china, the other day, the key quote was: "Oh yes, it's manual labor, otherwise it's not so cheap"
13:01:36 [Zakim]
13:01:41 [tlr]
s/phb, re your blog item: 10 person-years are dirt cheap, you just need to recruit them in the right places, or with the right incentives.//
13:01:46 [tlr]
s/in a TV report about labor in china, the other day, the key quote was: "Oh yes, it's manual labor, otherwise it's not so cheap"//
13:02:18 [Zakim]
13:02:42 [deastl]
rdmiller says he is not on IRC due to web proxy problems
13:04:00 [fjh]
zakim, who is on the call?
13:04:00 [Zakim]
On the phone I see Frederick_Hirsch, deastl, Thomas, grw, sean, RobMiller, Hal_Lockhart
13:04:08 [Zakim]
13:04:14 [tlr]
zakim, ??P6 is jcc
13:04:14 [Zakim]
+jcc; got it
13:04:58 [tlr]
Topic: administrvia
13:05:05 [deastl]
Topic: Administrative
13:05:30 [deastl]
chair: looking for scribes for future calls
13:06:14 [deastl]
chair: request for eview by another W3C group to review material, see link in agenda
13:06:23 [fjh]
008 plenary:
13:06:30 [fjh]
13:06:38 [Zakim]
13:06:41 [hal]
hal has joined #xmlsec
13:06:53 [fjh]
pls review widget signing
13:06:57 [deastl]
chair: Hal ageed to scribe on the 26th, still look for scribe to the 19th
13:07:04 [deastl]
Topic: minutes from last time
13:07:22 [deastl]
Chair: any comments?
13:07:33 [tlr]
13:07:37 [deastl]
Chair: none, minutes approved
13:07:40 [tlr]
13:07:46 [tlr]
zakim, who is muted?
13:07:46 [Zakim]
I see no one muted
13:07:50 [tlr]
zakim, mute me
13:07:50 [Zakim]
Thomas should now be muted
13:07:56 [deastl]
Topic: review of actions
13:07:59 [tlr]
zakim, unmute me
13:07:59 [Zakim]
Thomas should no longer be muted
13:08:07 [tlr]
ACTION-26 continued
13:08:11 [deastl]
chair: Action 26 - open
13:08:20 [deastl]
chair: action 35 open
13:08:44 [tlr]
ACTION-36 continued
13:08:45 [deastl]
chair" action 36 to be reviewed by Juan Carlos - open
13:08:50 [tlr]
13:09:00 [deastl]
chair: action 37: to be revied by shaun open
13:09:23 [deastl]
chair: 41 review implementation, not captured in previous minutes, closed
13:09:41 [deastl]
chair: 42 Juan Crlos producing an example. done,
13:09:49 [klanz2]
calling in
13:09:56 [tlr]
konrad is not yet on the phone?
13:10:03 [klanz2]
finished, mail to the list first
13:10:07 [deastl]
chair: 43 Conrad to produce examples, done??
13:10:12 [fjh]
zakim, who is on the call?
13:10:12 [Zakim]
On the phone I see Frederick_Hirsch, deastl, Thomas, grw, sean, RobMiller, Hal_Lockhart, jcc, PHB
13:10:18 [tlr]
konrad, how about joining?
13:10:22 [tlr]
zakim, code?
13:10:22 [Zakim]
the conference code is 965732 (tel:+1.617.761.6200 tel:+ tel:+44.117.370.6152), tlr
13:10:28 [deastl]
chair: leave 43 open to be conservative
13:10:33 [deastl]
chair: 44 closed, update the draft
13:10:53 [klanz2]
13:11:01 [deastl]
chair: 45, done
13:11:07 [deastl]
chair: 46, done
13:11:43 [deastl]
chair: 47, decryption update draft, done
13:11:47 [Zakim]
13:11:50 [Zakim]
13:12:05 [tlr]
zakim, ??P8 is konrad
13:12:05 [Zakim]
+konrad; got it
13:12:08 [Zakim]
13:12:12 [deastl]
chair: 48, proposal to resolve issue
13:12:14 [klanz2]
got kicked out
13:12:21 [deastl]
jcc: 48 still open
13:12:31 [Zakim]
13:13:17 [deastl]
tlr: Action 39 shows open, would like to close it as done
13:13:24 [deastl]
chair: OK, close 39
13:13:46 [deastl]
chair: if/when Konrad come back talk about 49, 43
13:13:51 [deastl]
Topic: workshop
13:14:12 [deastl]
chair: Have revised CFP. Ready for release?
13:14:23 [Zakim]
13:14:26 [deastl]
tlr: Have already submittted to W3C mgmt for approval
13:14:30 [deastl]
chair: what next
13:14:32 [tlr]
zakim, ??P8 is klanz2
13:14:32 [Zakim]
+klanz2; got it
13:14:35 [klanz2]
zakim, +??P8 is klanz2
13:14:35 [Zakim]
sorry, klanz2, I do not recognize a party named '+??P8'
13:14:47 [deastl]
tlr: next, have set up mailing list to receive position papers
13:14:55 [klanz2]
zakim, ? is klanz2
13:14:55 [Zakim]
sorry, klanz2, I do not recognize a party named '?'
13:15:05 [deastl]
tlr: hope can announce tomorrow morning so we can start recruiting
13:15:20 [klanz2]
zakim, klanz2 is +??P8
13:15:20 [Zakim]
++??P8; got it
13:15:21 [deastl]
tlr: then get nervous because people ususally submit at deadline
13:15:44 [deastl]
chiar: sticking with 25/26 September dates, hosted at Verisgin?
13:15:51 [deastl]
tlr: Yes, hosting confirmed.
13:16:16 [deastl]
chair: didn't change due to short timeline, etc.
13:16:25 [tlr]
zakim, who is on the phone?
13:16:25 [Zakim]
On the phone I see Frederick_Hirsch, deastl, Thomas, sean, RobMiller, Hal_Lockhart, jcc, PHB, grw, +??P8
13:16:32 [deastl]
chair: Phil, give him action to create logistics page?
13:16:57 [PHB]
sorry, got asked question
13:17:24 [deastl]
tlr: will need logistics page with hotels, etc. Generally detailed logistics page only available to registrants
13:17:50 [deastl]
tlr: happy to make an Action or just trust PHB to handle it
13:18:07 [fjh]
ACTION: phb to create workshop logistics page
13:18:07 [trackbot-ng]
Created ACTION-50 - Create workshop logistics page [on Phillip Hallam-Baker - due 2007-06-19].
13:18:12 [deastl]
tlr: By mid-
13:18:22 [deastl]
tlr: by mi-July is fine
13:18:47 [deastl]
tlr: Critical for people to do outreach of CFP
13:19:03 [tlr]
Topic: action items (2)
13:19:16 [deastl]
chair: Konrad, status of Action 43?
13:19:36 [deastl]
Konrad: should be closed. Original breakage example has been clarified
13:19:43 [tlr]
ACTION-43 closed
13:19:43 [trackbot-ng]
Sorry... I don't know how to close ACTION yet
13:20:03 [deastl]
Konrad: discharged on original brakage issue
13:20:20 [deastl]
chair: Action 49 Konrad?
13:20:33 [deastl]
Konrad: That one is also completed. Examples sent to list today.
13:20:42 [tlr]
ACTION-49 closed
13:20:42 [trackbot-ng]
Sorry... I don't know how to close ACTION yet
13:20:43 [tlr]
13:20:54 [klanz2]
13:21:05 [klanz2]
Action-49: ""
13:21:13 [deastl]
chair: action items and workshop review completed
13:21:20 [deastl]
Topic: Decyrption transforms
13:21:36 [klanz2]
13:21:44 [deastl]
chair: Have fixed for canonicalization 1.1, next step move to public review
13:21:46 [tlr]
13:21:57 [deastl]
chair: don't think people have looked at it, no reason not to give people another week to review
13:22:15 [deastl]
chair: OK, that plan accepted
13:22:40 [deastl]
Topic: Distinguished Names
13:23:14 [fjh]
"compliant with RFC2253" or "compliant with the DNAME processing rules at end of section"
13:23:25 [deastl]
chair: We change the bullet list (agenda 6a) ...current editor's draft incorrect
13:23:26 [klanz2]
13:23:38 [fjh]
current proposal:
13:23:46 [klanz2]
13:23:51 [deastl]
chair: Konrad has put a proposal on the list which restored bullet items
13:24:10 [deastl]
chair: do we want to make this change? What we have no is not quite right
13:24:44 [deastl]
chair: Are we ok with Konrad's change? Should we post it to chat?
13:25:15 [klanz2]
13:25:15 [klanz2]
As I wrote in [4] already
13:25:15 [klanz2]
The text says:
13:25:15 [klanz2]
"At least one element, from the following ... "
13:25:15 [klanz2]
So the bullet points will still have to enumerate the the choice of
13:25:16 [klanz2]
elements within the content of |X509Data| which is not the case in the
13:25:18 [klanz2]
current red line document ... and will need to be changed to something like the following:
13:25:20 [klanz2]
13:25:22 [klanz2]
> * The |X509IssuerSerial| element, which contains an X.509
13:25:24 [klanz2]
> issuer distinguished name/serial number pair. The distinguished
13:25:26 [klanz2]
> name SHOULD be compliant with the DNAME
13:25:28 [klanz2]
> encoding rules at the end of this section and the serial
13:25:30 [klanz2]
> number is represented as a decimal integer,
13:25:32 [klanz2]
> * The |X509SubjectName| element, which contains an X.509
13:25:34 [klanz2]
> subject distinguished name that SHOULD be compliant with the
13:25:36 [klanz2]
> DNAME encoding rules at the end of this section,
13:25:38 [klanz2]
13:25:40 [klanz2]
13:25:40 [jcc]
13:26:08 [fjh]
ack jcc
13:26:21 [jcc]
13:26:28 [deastl]
jcc: I send some comments a few days ago
13:26:49 [deastl]
jcc: First bullet is OK
13:26:50 [jcc]
13:26:50 [jcc]
>> distinguished
13:26:50 [jcc]
>> name SHOULD be compliant with the DNAME
13:26:50 [jcc]
>> encoding rules at the end of this section and the serial
13:26:50 [jcc]
>> number is represented as a decimal integer,
13:27:25 [deastl]
jcc: "and number is reperested by a decimal integer" is not necssary as schema says that
13:27:29 [klanz2]
I'm not strong about this ...
13:28:10 [klanz2]
13:28:20 [fjh]
ack klanz
13:28:49 [Sean]
13:28:50 [deastl]
Konrad: Don't see harm in having this in both the text and schema
13:29:02 [deastl]
tlr: we are dealing with Erratum 1
13:29:26 [fjh]
E01 2002-01-28 (Editorial):
13:29:35 [klanz2]
N.B.: the bullet points will still have to enumerate the the choice of
13:29:35 [klanz2]
elements within the content of |X509Data|
13:29:40 [fjh]
13:29:48 [deastl]
tlr: DNAME rules, which take precidence, are subtly different from RFC 2253... what does this have to do with schema values?
13:30:42 [deastl]
chair: are we going beyond the Errata
13:31:04 [deastl]
chair: any other opinions, would like to resolve
13:31:29 [Sean]
I agree with jcc, no need to mention serial number in first bullet.
13:31:59 [Zakim]
13:32:00 [deastl]
chair: maybe way forward is to remove that
13:32:01 [klanz2]
s/and the serial number is represented as a decimal integer//
13:32:11 [deastl]
tlr: can Konrad type updated text
13:32:44 [klanz2]
13:32:44 [klanz2]
> * The |X509IssuerSerial| element, which contains an X.509
13:32:44 [klanz2]
> issuer distinguished name/serial number pair. The distinguished
13:32:44 [klanz2]
> name SHOULD be compliant with the DNAME
13:32:44 [klanz2]
> encoding rules at the end of this section,
13:32:45 [klanz2]
> * The |X509SubjectName| element, which contains an X.509
13:32:47 [klanz2]
> subject distinguished name that SHOULD be compliant with the
13:32:49 [klanz2]
> DNAME encoding rules at the end of this section,
13:33:00 [deastl]
chair: proposal becomes what the Errata tried to say originally
13:33:32 [deastl]
Konrad: No, actually we removed the first two bullet points and merged..
13:33:53 [deastl]
fjh: reads awkwardly
13:34:14 [deastl]
chair: OK with approving
13:34:23 [klanz2]
+1 to fjh
13:34:46 [tlr]
13:34:54 [Zakim]
13:34:57 [jcc]
13:35:02 [deastl]
chair: OK, get red line fixed and then consider approving whole section
13:35:04 [tlr]
phill, did the connection drop suddenly?
13:35:21 [deastl]
chair: any objection to tentative approve understanding we will re-reveiw whole section
13:35:43 [PHB]
No, I just moved to my upstairs office
13:35:54 [deastl]
(no ojbections)
13:36:06 [tlr]
ah, good
13:36:16 [fjh]
RESOLUTION: Adopt change as noted above to 4.4.4 first 2 bullets, then review 4.4.4 as a whole later
13:36:49 [klanz2]
13:36:49 [klanz2]
I also believe we agree on the following mentioned in [5] about the
13:36:49 [klanz2]
DNAME escaping rules at the end of the section:
13:36:49 [klanz2]
> I would assume that leading spaces have been forgotten to be mentioned
13:36:49 [klanz2]
> in the first sub point of the second bullet point.
13:36:50 [deastl]
RRSAgent, where am I?
13:36:50 [RRSAgent]
13:36:50 [klanz2]
> This position is also supported by the examples given in
13:36:52 [klanz2]
> .
13:37:14 [fjh]
13:37:18 [fjh]
original was:
13:37:20 [fjh]
"Also, strings in DNames (X509IssuerSerial,X509SubjectName, and
13:37:29 [fjh]
KeyName if approriate) should be encoded as follows:"
13:37:33 [fjh]
now in red-line:
13:37:40 [fjh]
"DNames (X509IssuerSerial, X509SubjectName, and KeyName if
13:37:49 [fjh]
appropriate) should be encoded in accordance with RFC2253 [LDAP-DN]
13:37:57 [fjh]
except for the encoding of string values within a DName:"
13:38:33 [deastl]
Topic: Optionality of DNAME encoding rules
13:38:48 [deastl]
chair: Konrad said it should be optional
13:39:03 [deastl]
chair: Do we agree, should we captialize SHOULD?
13:40:13 [deastl]
konrad: I had a closer look at postings to list of test cases. Speaks about DNAME encloding rules in such a way to imply it should be optional
13:40:27 [deastl]
deastl: I don't remember
13:40:39 [klanz2]
some evidence:
13:40:39 [klanz2]
[2] says: "The following example set contains test vectors for the
13:40:39 [klanz2]
13:40:39 [klanz2]
[3] says: "
13:40:39 [klanz2]
* The |X509IssuerSerial| element, which contains an X.509 issuer
13:40:40 [klanz2]
distinguished name/serial number pair that SHOULD be compliant
13:40:42 [klanz2]
with RFC2253 [LDAP-DN
13:40:44 [klanz2]
13:40:46 [klanz2]
* The |X509SubjectName| element, which contains an X.509 subject
13:40:48 [klanz2]
distinguished name that SHOULD be compliant with RFC2253 [LDAP-DN
13:40:50 [klanz2]
13:40:53 [klanz2]
13:40:54 [klanz2]
[3] only says: "... should be encoded ... " where should is written in
13:40:56 [klanz2]
small capitalization to the additional rules
13:40:56 [deastl]
chair: what does optionality mean for interoperability...?
13:40:58 [klanz2]
I hence conclude the only normative statement in the original text is
13:41:00 [klanz2]
that "distinguished names SHOULD be compliant with RFC2253".
13:41:02 [klanz2]
13:41:04 [klanz2]
13:41:22 [tlr]
13:41:30 [fjh]
ack sean
13:41:30 [klanz2]
+1 to sean
13:41:41 [fjh]
ack Thomas
13:41:43 [deastl]
should stry to stay within RFC 2253
13:42:22 [deastl]
Greg: doesn't seem like we can make a statement any stronger than should
13:42:32 [fjh]
greg: cannot go beyond SHOULD with errata
13:42:38 [deastl]
r: mistake is about not escaping leading white space?
13:42:48 [deastl]
13:43:12 [deastl]
tlr: RFC 2253 says deal with UTF-8 by escaping some characters with backslash
13:43:26 [klanz2]
13:43:51 [deastl]
tlr: is an implementation that uses \20 for space compliant or marginal?
13:44:10 [deastl]
tlr: probably any reasonable implementation will understandt \20
13:44:21 [fjh]
ack klanz
13:44:50 [deastl]
Konrad: RFC 2253 only talks about he first and last white space if any in a string, interior space can be escaped as \20
13:45:08 [deastl]
Konrad: some implementations might work but, strictly speaking, it does not comply
13:45:30 [deastl]
chair: Do we agree that we can't go beyond "should" because we are doing Errata
13:46:30 [klanz2]
Additionally some text like the following might do the trick for support
13:46:30 [klanz2]
legacy signatures:
13:46:30 [klanz2]
> For legacy support please note, that applications receiving signatures containing DNAMES having AttributeValues terminated by "\20"
13:46:30 [klanz2]
> are RECOMMENDED to treat an "\20" escaped character at the end of an AttributeValue as if they were normal escaped space characters "\ " conformant to section 2.4 of RFC 2253. Do not convert "\20" to "\ " if the DNAME in question is signed.
13:47:05 [deastl]
Is it fair to current implementations to change the rules, even to a should
13:47:22 [tlr]
13:47:45 [fjh]
ack Thomas
13:47:47 [klanz2]
13:48:27 [deastl]
tlr: This is murky territory. Dealing with RFC 2253 which isn't that clear and interacting with other specs...
13:48:47 [klanz2]
-1 to tlr
13:49:14 [deastl]
tlr: suggest sticking to current Errata. Before resolving this Errata, someone whould construct a number of simple test cases and try them on existing implementations.
13:49:35 [fjh]
13:49:37 [deastl]
tlr: The best we can do is to try to figure out how people have interpreeted the spec
13:50:18 [deastl]
tlr: Have specific rule on the leading/traing white space seems too deep in details...
13:50:18 [fjh]
ack klanz
13:50:42 [deastl]
Konrad: I disagree. We can do it better and be backward compatible. Collateral damage will be essentially null.
13:51:12 [fjh]
ack fjh
13:51:13 [deastl]
Konrad: leading/traiing white space should almost never occur in certificates... but should allow old practice
13:51:47 [deastl]
fjh: heard two things: red-line has change based on Errata, uses lower case should. That does not seem controversial.
13:51:50 [tlr]
13:52:05 [deastl]
fjh: But Konrad is suggesting enhacing with further text. Is that right?
13:52:06 [fjh]
ack thomas
13:52:43 [klanz2]
13:52:47 [deastl]
tlr: the one normativity change we are making is to item 1 where we are saying "SHOULD" be compatible to DNAME encoding rules
13:52:58 [deastl]
tlr: No longer making only informational change
13:53:06 [fjh]
ack klanz
13:53:41 [deastl]
Konrad: we are fixing an internal contradicition. It used to say should follow RFC 2253 but then gave slightly different rules...
13:54:40 [deastl]
tlr: Can read RFC 2253 to give format and rules for generating that format. Rules are partially optional.
13:55:26 [deastl]
tlr: xmlsig rules can be interpreted in a way consisten with normative rules in RFC 2253 in such a way as to be not contradictory
13:55:56 [deastl]
tlr: Disagree with Konrad's statement that there is a contradiction
13:56:16 [deastl]
Konrad: can give contractory examples
13:56:24 [deastl]
tlr:Not clear to me...
13:57:04 [deastl]
chair: need action(s) to clear this up. tlr has mentioned examples.
13:57:15 [deastl]
tlr: missing converting back rules
13:57:37 [klanz2]
13:57:50 [deastl]
chair: tlr, can you put stuff on list to explain
13:58:03 [deastl]
chair: can anyone else on call help?
13:58:27 [deastl]
chair: we need more infor. Can't go forward otherwise
13:58:54 [deastl]
chair: Best thing for Thomas to put a message on the list...
13:59:22 [deastl]
chiar: People on call should look at agenda, at other DNAME items, so we can get it right for the next call
13:59:39 [deastl]
chair: anything we can do on the list would help
13:59:41 [tlr]
14:00:06 [deastl]
chair: I'll try to speed up the Action item portion of calls.
14:00:24 [deastl]
chair: anyting else for remaining minute of call?
14:00:40 [deastl]
chair: Konrad, tlr, ..., any furhter suggestion for how to make progress?
14:01:58 [deastl]
Konrad:The suggestion should affect only future coreated signtures, like the changes we made re Canonicalization 1.1...
14:02:14 [klanz2]
I 'll have to go now
14:02:35 [klanz2]
+1 to tlr
14:02:45 [klanz2]
I'll be on the list
14:02:53 [deastl]
tlr: One more thing: dealing with references to an obsoleded RFC. I'm checking the new replacemented to see if it is relevant.
14:03:15 [fjh]
ACTION: tlr to see if RFC4514 is consistent with dsig encoding rules
14:03:15 [trackbot-ng]
Created ACTION-51 - See if RFC4514 is consistent with dsig encoding rules [on Thomas Roessler - due 2007-06-19].
14:03:24 [tlr]
and, indeed, it is!
14:03:35 [Zakim]
14:03:36 [deastl]
chair: ajourn
14:03:36 [Zakim]
14:03:37 [Zakim]
14:03:39 [Zakim]
14:03:41 [Zakim]
14:03:43 [Zakim]
14:03:45 [Zakim]
14:03:49 [Zakim]
- +??P8
14:03:51 [Zakim]
14:03:53 [Zakim]
14:03:56 [Zakim]
T&S_XMLSEC()9:00AM has ended
14:03:57 [Zakim]
Attendees were Frederick_Hirsch, +aaaa, Thomas, deastl, grw, sean, RobMiller, Hal_Lockhart, jcc, PHB, konrad, +??P8
14:06:21 [fjh]
Thank you Donald for scribing.
14:06:44 [tlr]
rrsagent, please draft minutes
14:06:44 [RRSAgent]
I have made the request to generate tlr
14:06:50 [tlr]
rrsagent, please make this record public
16:25:43 [Zakim]
Zakim has left #xmlsec
17:48:04 [PHB]
PHB has left #xmlsec