12:04:20 RRSAgent has joined #xmlsec
12:04:20 logging to http://www.w3.org/2007/08/14-xmlsec-irc
12:04:22 RRSAgent, make logs public
12:04:23 Zakim has joined #xmlsec
12:04:25 Zakim, this will be XMLSEC
12:04:25 ok, trackbot-ng; I see T&S_XMLSEC()9:00AM scheduled to start in 56 minutes
12:04:27 Meeting: XML Security Specifications Maintenance Working Group Teleconference
12:04:29 Date: 14 August 2007
12:47:39 sean has joined #xmlsec
12:49:13 fjh has joined #xmlsec
12:49:15 rmiller3 has joined #xmlsec
12:50:19 Zakim, this will be XMLSEC
12:50:19 ok, fjh; I see T&S_XMLSEC()9:00AM scheduled to start in 10 minutes
12:50:29 Meeting: XML Security Specifications Maintenance WG Conference Call
12:50:37 Chair: Frederick Hirsch
12:50:49 Scribe: Sean Mullan
12:51:15 Agenda: http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Aug/0038.html
12:54:49 RRSAgent, make log public
12:55:45 T&S_XMLSEC()9:00AM has now started
12:55:51 +fjh
12:56:35 +sean
12:56:56 + +1.410.695.aaaa
12:57:17 zakim, aaaa is Rob Miller
12:57:17 I don't understand 'aaaa is Rob Miller', fjh
12:57:27 zakim, +aaa is rmiller3
12:57:27 sorry, fjh, I do not recognize a party named '+aaa'
12:57:33 zakim, call thomas-781
12:57:33 ok, tlr; the call is being made
12:57:34 +Thomas
12:57:47 zakim, mute me
12:57:47 sorry, tlr, I do not know which phone connection belongs to you
12:57:49 zakim, I am thomas
12:57:49 ok, tlr, I now associate you with Thomas
12:57:51 zakim, mute me
12:57:51 Thomas should now be muted
12:58:03 zakim +aaa is rmiller3
12:58:31 zakim, aaaa is rmiller3
12:58:31 +rmiller3; got it
12:58:46 zakim, mute me
12:58:46 rmiller3 should now be muted
12:59:28 zakim, who is making noise?
12:59:39 fjh, listening for 10 seconds I heard sound from the following: fjh (15%), sean (9%)
12:59:57 hal has joined #xmlsec
13:00:42 +Ed_Simon
13:00:46 Agenda: http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Aug/0038.html
13:01:01 +Hal_Lockhart
13:01:14 Agenda: http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Aug/0038.html
13:01:29 TOPIC: Administrivia
13:01:40 Tuesday 21 August, Scribe: Giles Hogben
13:01:44 EdS has joined #xmlsec
13:01:48 Tuesday 28 August, Scribe: Phill Hallam-Baker
13:02:04 fjh: workshop papers due today
13:02:15 ... 6 or 7 submitted so far
13:02:35 you can always update ;)
13:03:13 RESOLUTION: last week minutes approved
13:03:19 zakim, unmute me
13:03:19 Thomas should no longer be muted
13:03:54 http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Aug/0024.html
13:04:29 zakim, mute me
13:04:29 Thomas should now be muted
13:04:48 I am ready
13:04:54 ... to deal with actions in tracker
13:05:10 ACTION-50 will happen today
13:05:39 ACTION-68 to be reviewed later by sean
13:05:55 ACTION-71 open
13:06:11 ACTION-72 open
13:06:28 ACTION 73: wait for Konrad to confirm if closed
13:06:37 ACTION-75: open
13:06:48 ACTION-76 closed
13:06:48 Sorry... I don't know how to close ACTION yet
13:07:06 ACTION-77: closed
13:07:14 ACTION-77 closed
13:07:14 Sorry... I don't know how to close ACTION yet
13:07:36 ACTION-78 closed
13:07:36 Sorry... I don't know how to close ACTION yet
13:07:52 TOPIC: XML Signature Draft
13:08:29 http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Aug/0010.html
13:08:48 tlr has left #xmlsec
13:08:52 tlr has joined #xmlsec
13:09:04 fjh: ACTION-77 should be done
13:09:21 zakim, unmute me
13:09:21 Thomas should no longer be muted
13:09:25 fjh: ACTION-76 should be done, does everyone agree?
13:09:33 zakim, mute me
13:09:33 Thomas should now be muted
13:09:38 EdS: looks ok to me
13:09:39 Looked good to me.
13:10:02 klanz2 has joined #xmlsec
13:10:02 c14n11 alg change - http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#sec-Canonical11
13:11:11 http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#sec-URI
13:11:20 for same-document red-line
13:11:46 In this specification, a 'same-document' reference is defined as a URI-Reference that
13:11:52 consists of a hash sign ('#') followed by a fragment or alternatively consists of an empty URI [URI].
13:12:49 +??P0
13:12:50 zakim, ? is klanz2
13:12:51 +klanz2; got it
13:13:57 konrad: looks good, want to take another look at it
13:14:00 zakim, mute me
13:14:00 Thomas was already muted, tlr
13:14:12 ACTION-78, adding an editor's note/warning about C14N11 Appendix A
13:14:18 http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Aug/0017.html
13:14:31 Editors Note: There has been a correction to Appendix A of the C14N11 Candidate Recommendation. This correction is available
13:14:39 at http://lists.w3.org/Archives/Public/public-xml-core-wg/2007Jun/att-0050/Apendix_20060625.html. The XML Security
13:14:47 Specifications Maintenance WG anticipates this change will be adopted as part of C14N11 CR review and will use this update to
13:14:47 zakim, unmute me
13:14:47 Thomas should no longer be muted
13:14:53 Appendix A for Interop testing.
13:15:27 URI-Literal/RFC 2732 fix
13:15:46 Remove from Section 4.3.3.1, "The URI Attribute, the following text:
13:15:54 "However, some Unicode characters are disallowed from URI references
13:16:01 including all non-ASCII characters and the excluded characters listed
13:16:08 in RFC3986 [URI, section 2.4]. However, the number sign (#), percent
13:16:15 sign (%), and square bracket characters re-allowed in RFC 2732 [URI-
13:16:22 Literal] are permitted."
13:16:31 Change "Disallowed characters must be escaped as follows:"
13:16:38 "Characters disallowed in URI references by [URI] MUST be escaped as
13:16:45 specified in [URI]:"
13:16:51 Remove URI-Literal from list of references
13:17:31 zakim, unmute me
13:17:31 klanz2 should no longer be muted
13:17:34 q+
13:17:56 http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#sec-URI
13:17:59 ack klanz
13:18:15 fjh: not in redline yet
13:19:23 klanz2: clarify that validating implementations need to be able to treat escaping/not escaping
13:20:38 RESOLUTION: changes are accepted, put in redline document
13:21:04 Replace "Support of the xpointer() scheme [XPointer-xpointer] beyond
13:21:11 the minimal usage discussed in this section is discouraged." with
13:21:15 q?
13:21:20 "[XPointer-xpointer] is in Working Draft status as of publication of
13:21:27 this edition of XML Signature. Therefore, support of the xpointer()
13:21:34 scheme beyond the minimal usage discussed in this section is
13:21:41 discouraged."
13:22:54 klanz2: concerned whether discouraging is the right thing to do
13:23:06 q+
13:24:10 klanz2: should not deprecate anything that was optional before
13:24:13 ack t
13:24:18 ack tlr
13:25:21 http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2007JulSep/0012.html
13:25:56 http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2007JulSep/0015.html
13:26:01 tlr: good thing to discourage, reduces interop risk
13:26:06 +1
13:26:09 +1
13:27:37 tlr: do reference wd but warn that can be problematical
13:28:54 fjh: need to move this forward for interop, needs to be stable
13:29:47 q+
13:29:50 klanz2: existing signatures out there that use this but don't know impact yet
13:30:19 q-
13:30:52 klanz2: worried about implementations removing support because of discouraging
13:31:11 q+
13:31:39 ack tlr
13:31:54 ack tlr
13:31:57 Support of the xpointer() scheme [XPointer-xpointer] beyond the minimal usage discussed in this section is discouraged, this does not affect the optional support of xpointers in URIs.
13:32:10 zakim, unmute thomas
13:32:10 Thomas should no longer be muted
13:32:45 tlr: harmful to create perception of widespread XPointer support when it isn't there
13:32:48 tlr: creating perception there is wide support for xptr is harmful,
13:33:21 tlr: discouragement is about xptr ?, not framework
13:33:34 s/?/scheme
13:33:50 s/xptr ?/xpointer() scheme/
13:33:58 s/xptr scheme/xpointer() scheme/
13:34:19 q+
13:34:25 q-
13:34:32 ack fjh
13:34:33 zakim, mute me
13:34:33 Thomas should now be muted
13:34:45 klanz2: a little late to discourage, been there since 2002
13:35:06 wrong. It's been wrong for quite some time.
13:35:23 q+
13:35:35 is discouraged for future signature generation
13:36:27 EdS: may run into same issues as ?
13:37:16 Support of the xpointer() scheme [XPointer-xpointer] beyond the minimal usage discussed in this section is discouraged for new systems generating signatures.
13:37:17 fjh: that's what discouraging would solve, try to find wording that addresses Konrad's concerns
13:37:48 yes
13:38:23 q+
13:38:26 EdS: future applications use plain URI and XPath transform instead of xpointer
13:38:44 [XPointer-xpointer] is in Working Draft status as of publication of this edition of XML Signature.
13:39:06 Therefore, support of the xpointer()
13:39:30 scheme beyond the minimal usage discussed in this section is discouraged.
13:40:20 q?
13:40:34 Therefore instead of using the xpointer() scheme, use of a plain URI and transform is recommended
13:40:39 ack EdS
13:40:40 Therefore, future applications use plain URI and some transform (e.g. XPath) instead of xpointer
13:40:50 ack tlr
13:40:56 zakim, unmute me
13:40:56 Thomas should no longer be muted
13:41:25 tlr: good to keep discouragement, reluctant to add should
13:41:42 equivalent functionality can be achieved by using a full URL and appropriate transforms.
13:41:54 ... could say by using appropriate transform, not an explicit recommendation
13:42:09 It is recommended that new applications implement the functionality described for XPointer above by specifying a plain URI in the Reference @URI attribute and using a Transform to select the required fragment.
13:45:09 fjh: all in agreement to make this problem known
13:47:14 well, lots of verifiers won't work anyway
13:47:14 klanz2: don't want to discourage validators from supporting what they have already supported
13:47:57 change "that new applications, when creating signatures, implement..."
13:49:11 q+
13:49:17 propose "discouraged for signature generation"
13:49:27 klanz2: ok with discouraging future signature generation
13:49:34 zakim, unmute me
13:49:34 Thomas was not muted, tlr
13:49:53 It is recommended that new applications implement the functionality
13:50:04 for signature generation
13:50:15 described for XPointer above by specifying a plain URI in the
13:50:23 Reference @URI attribute and using a Transform to select the required fragment.
13:51:22 q+
13:53:57 q
13:53:58 w+
13:54:00 q+
13:54:23 zakim, mute me
13:54:23 Thomas should now be muted
13:54:28 tlr: concerned that making change still allows people to rely on it in validators
13:54:36 ... need stronger statement
13:56:58 q+ to say I'm happy to word-smith edS's language on the list
13:58:40 q+
13:59:37 ack tlr
13:59:37 zakim, unmute thomas
13:59:39 Thomas should no longer be muted
14:00:15 can wordsmith ed sentence and add to discourage statement, on list
14:00:56 tlr: wording in editor's draft can be read that impl that support it may want to drop it
14:01:35 tlr: "use" is softer than "support", can help address concerns raised in WG, takes away some pressure on implementers
14:01:36 tlr: suggest "use of that scheme" is discouraged takes a bit of pressure off implementors
14:02:51 q+
14:03:11 ack lkan
14:03:12 zakim, mute me
14:03:13 Thomas should now be muted
14:03:14 ack klanz
14:03:20 q- thomas
14:03:47 Note that while the alternative to XPointer I propose is an alternative, it is not necessarily better than XPointer because it puts processing load on the client rather than the server.
14:04:02 ack eds
14:04:04 it is valid (and optional) to support any xpointer scheme you might come up with.
14:04:32 klanz2: just about the support being there since 2002
14:05:39 Xpointer was a CR but then went back to WD, right?
14:05:49 eds, yes, with massive changes
14:06:07 q+ to make a procedural proposal
14:06:47 +1 to taking it to the list
14:06:58 q-
14:07:19 zakim, unmute thomas
14:07:19 Thomas should no longer be muted
14:07:20 fjh: excl c14n - agreed to not list it as an algorithm
14:07:32 ... discuss next week
14:08:18 tlr: hash out over email; first agenda item next week should be xpointer decision
14:10:52 need to start test cases soon
14:11:17 zakim, unmute me
14:11:17 Thomas was not muted, tlr
14:12:35 -klanz2
14:12:49 lost the c
14:12:52 call
14:13:11 zakim, what is the code ?
14:13:11 the conference code is 965732 (tel:+1.617.761.6200 tel:+33.4.89.06.34.99 tel:+44.117.370.6152), klanz2
14:13:45 can't get in any more sorry ... bye
14:14:14 I'll stay on the chat ...
14:14:49 thanks Konrad. Discussing whether you can contribute test case input/output files into CVS folder under interop
14:15:44 use of HMAC-SHA-1 mandatory alg for signing, sip
14:15:44 I'll look into that on monday or tuesday
14:15:56 is that simpler?
14:16:08 want only 1 alg, one set of key material etc
14:17:34 -Hal_Lockhart
14:17:38 -rmiller3
14:17:50 -Ed_Simon
14:18:13 Zakim, list participants
14:18:13 As of this point the attendees have been fjh, sean, +1.410.695.aaaa, Thomas, rmiller3, Ed_Simon, Hal_Lockhart, klanz2
14:18:27 RRSAgent, make log public
14:18:36 RRSAgent, generate minutes
14:18:36 I have made the request to generate http://www.w3.org/2007/08/14-xmlsec-minutes.html fjh
14:21:53 -sean
14:21:54 -Thomas
14:22:28 -fjh
14:22:29 T&S_XMLSEC()9:00AM has ended
14:22:31 Attendees were fjh, sean, +1.410.695.aaaa, Thomas, rmiller3, Ed_Simon, Hal_Lockhart, klanz2
14:22:40 zakim, bye
14:22:40 Zakim has left #xmlsec
14:22:52 rrsagent, bye
14:22:52 I see 1 open action item saved in http://www.w3.org/2007/08/14-xmlsec-actions.rdf :
14:22:52 ACTION: 73 to wait for Konrad to confirm if closed [1]
14:22:52 recorded in http://www.w3.org/2007/08/14-xmlsec-irc#T13-06-28