This document provides a summary of non-editorial changes in XML Encryption 1.1 from the XML Encryption Recommendation.
In the case of any difference between this document and the XML Encryption 1.1 specification [[XMLENC-CORE1]], the XML Encryption 1.1 specification is authoritative. This is a non-normative NOTE track document.
This document summarizes non-editorial changes in XML Encryption 1.1 [[XMLENC-CORE1]] from the XML Encryption Recommendation [[XMLENC-CORE]]. A detailed summary of all changes by document section is also available.
Added support for derived keys, in particular:
RetrievalMethod description to include
ReferenceList description to include
AES-192-GCM Block Encryption as OPTIONAL.
SHA-384 Message Digest as OPTIONAL
For all algorithms added, algorithm identifiers and information were added to the specification.
SHA-1 Message Digest to REQUIRED, but DISCOURAGED.
SHA-256 Message Digest to REQUIRED
AES-128-GCM Block Encryption as REQUIRED, added warning about use of CBC block encryption algorithms and reference to paper on attack.
RSA-v1.5 Key Transport to OPTIONAL and added note that "Implementation of RSA v1.5 is NOT RECOMMENDED due to security risks associated with the algorithm".
RSA-OAEP Key Transport to be used with arbitrary mask generation functions (e.g. SHA2 based) by defining an additional URI and significantly revising specification text. Added definition of new
AES-GCM Block Encryption description of the algorithm as equivalent to encryption followed by signing.
Encoding attribute in the CipherReference element is defined in XML Signature.
CipherValue element is used.
AES-256-pad Symmetric Key Wrap algorithms.
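
The status changes listed above (CBC warning, RSA-v1.5 NOT RECOMMENDED, SHA-1 DISCOURAGED) can be checked against existing messages. The following Python audit is an added example, not part of the W3C document: it walks an XML Encryption document and reports the status of each algorithm it declares. The algorithm URIs come from the XML Encryption 1.1 and XML Signature specifications rather than from this summary; the function names and the sample document are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
XENC11 = "http://www.w3.org/2009/xmlenc11#"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
# URI -> (label, status). Statuses are the ones this summary lists; URIs are
# taken from the XML Encryption 1.1 / XML Signature specifications.
STATUS = {
    XENC11 + "aes128-gcm": ("AES-128-GCM", "REQUIRED"),
    XENC11 + "aes192-gcm": ("AES-192-GCM", "OPTIONAL"),
    XENC + "rsa-1_5": ("RSA-v1.5", "OPTIONAL, NOT RECOMMENDED"),
    DSIG + "sha1": ("SHA-1", "REQUIRED, but DISCOURAGED"),
    XENC + "sha256": ("SHA-256", "REQUIRED"),
    "http://www.w3.org/2001/04/xmldsig-more#sha384": ("SHA-384", "OPTIONAL"),
}
FLAGGED = ("NOT RECOMMENDED", "DISCOURAGED", "CBC warning")

def classify(uri):
    """Map an Algorithm URI to (label, status) (hypothetical helper)."""
    if uri in STATUS:
        return STATUS[uri]
    if uri.startswith(XENC) and uri.endswith("-cbc"):
        return (uri.split("#")[1].upper(), "CBC warning")
    return (uri, "not covered by this summary")

def audit(xml_text):
    """Return (element, label, status, flagged) per declared algorithm."""
    findings = []
    for el in ET.fromstring(xml_text).iter():  # document order
        local = el.tag.rsplit("}", 1)[-1]      # strip the namespace
        if local in ("EncryptionMethod", "DigestMethod") and "Algorithm" in el.attrib:
            label, status = classify(el.attrib["Algorithm"])
            findings.append((local, label, status, any(f in status for f in FLAGGED)))
    return findings

# Constructed sample (CipherData omitted, so it is not schema-valid).
SAMPLE = """<doc xmlns:e="http://www.w3.org/2001/04/xmlenc#"
     xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <e:EncryptedData><e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
  <ds:KeyInfo><e:EncryptedKey>
   <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
  </e:EncryptedKey></ds:KeyInfo></e:EncryptedData>
 <e:EncryptedData><e:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/>
  <ds:KeyInfo><e:EncryptedKey>
   <e:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep">
    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/></e:EncryptionMethod>
  </e:EncryptedKey></ds:KeyInfo></e:EncryptedData>
</doc>"""
```

Calling `audit(SAMPLE)` returns one tuple per declared algorithm in document order; rows whose last field is `True` are the ones this summary warns about.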