13:27:27 RRSAgent has joined #xmlsec
13:27:27 logging to http://www.w3.org/2009/07/14-xmlsec-irc
13:27:29 RRSAgent, make logs member
13:27:29 Zakim has joined #xmlsec
13:27:31 Zakim, this will be XMLSEC
13:27:31 ok, trackbot; I see T&S_XMLSEC()10:00AM scheduled to start in 33 minutes
13:27:32 Meeting: XML Security Working Group Teleconference
13:27:32 Date: 14 July 2009
13:41:20 Cynthia has joined #xmlsec
13:42:05 Zakim, who is here?
13:42:05 T&S_XMLSEC()10:00AM has not yet started, Cynthia
13:42:07 On IRC I see Cynthia, Zakim, RRSAgent, klanz, tlr, trackbot
13:50:05 T&S_XMLSEC()10:00AM has now started
13:50:12 + +1.443.370.aaaa
13:50:45 fjh has joined #xmlsec
13:51:38 Chair: Frederick Hirsch
13:52:09 Agenda: http://lists.w3.org/Archives/Public/public-xmlsec/2009Jul/0038.html
13:53:35 ok
13:57:50 +Frederick_Hirsch
13:58:20 zakim, aaaa is Cynthia
13:58:20 +Cynthia; got it
13:58:45 Present: Frederick_Hirsch, Cynthia_Martin
13:59:38 bhill has joined #xmlsec
13:59:49 + +1.617.876.aabb
13:59:56 thanks
14:00:27 zakim, aabb is sean
14:00:29 ScribeNick: bhill
14:00:29 + +5aacc
14:00:29 +sean; got it
14:00:32 csolc has joined #xmlsec
14:00:41 mullan has joined #xmlsec
14:00:41 + +1.303.229.aadd
14:00:50 zakim, aadd is bhill
14:00:50 +bhill; got it
14:01:03 zakim, who is here
14:01:04 csolc, you need to end that query with '?'
14:01:11 zakim, call thomas-781
14:01:11 zakim, who is here?
14:01:12 ok, tlr; the call is being made
14:01:12 Present+ Brad_Hill, Sean_Martin, Chris_Solc
14:01:13 On the phone I see Cynthia, Frederick_Hirsch, sean, +5aacc, bhill
14:01:15 On IRC I see mullan, csolc, bhill, fjh, Cynthia, Zakim, RRSAgent, klanz, tlr, trackbot
14:01:16 +Thomas
14:01:24 Present+ Thomas_Roessler
14:01:27 zakim, I am thomas
14:01:30 ok, tlr, I now associate you with Thomas
14:01:30 scantor has joined #xmlsec
14:01:31 zakim, mute me
14:01:32 zakim, aacc is csolc
14:01:34 Thomas should now be muted
14:01:38 +csolc; got it
14:01:58 + +0468725aaee
14:02:03 magnus has joined #xmlsec
14:02:07 pdatta has joined #xmlsec
14:02:10 ack t
14:02:15 zakim, mute aaee
14:02:16 + +1.206.992.aaff
14:02:24 zakim, unmute thomas
14:02:39 + +1.614.247.aagg
14:02:43 +0468725aaee should now be muted
14:02:48 zakim, aaff is kyiu
14:02:48 zakim, mute csolc
14:02:52 zakim, who is making noise?
14:02:53 Thomas was not muted, tlr
14:02:53 zakim, aagg is scantor
14:03:03 +kyiu; got it
14:03:05 csolc should now be muted
14:03:07 +scantor; got it
14:03:15 +[Oracle]
14:03:17 tlr, listening for 10 seconds I heard sound from the following: Frederick_Hirsch (96%), kyiu (43%)
14:03:19 zakim, who is here?
14:03:21 On the phone I see Cynthia, Frederick_Hirsch, sean, csolc (muted), bhill, Thomas, +0468725aaee (muted), kyiu, scantor, [Oracle]
14:03:29 On IRC I see pdatta, magnus, scantor, mullan, csolc, bhill, fjh, Cynthia, Zakim, RRSAgent, klanz, tlr, trackbot
14:03:39 zakim, [Oracle] is pdatta
14:03:40 TOPIC: Administrivia
14:03:50 +pdatta; got it
14:03:58 zakim, aaee is magnus
14:04:05 +magnus; got it
14:04:12 +[IPcaller]
14:04:23 zakim, I am thomas
14:04:25 zakim, mute me
14:04:25 zakim, [IPcaller] is jcc
14:04:26 ok, tlr, I now associate you with Thomas
14:04:28 Thomas should now be muted
14:04:28 shivaram has joined #xmlsec
14:04:32 +jcc; got it
14:04:34 zakim, who is making noise?
14:04:51 tlr, listening for 10 seconds I heard sound from the following: Frederick_Hirsch (97%), kyiu (62%), jcc (9%)
14:04:57 I can't hear the speakers- bad background noise
14:04:59 + +1.408.907.aahh
14:05:00 zakim, mute jcc
14:05:02 jcc should now be muted
14:05:04 zakim, mute kyiu
14:05:04 kyiu should now be muted
14:05:07 brich has joined #xmlsec
14:05:13 zakim, aahh is shivaram
14:05:13 +shivaram; got it
14:05:19 zakim, mute me
14:05:19 shivaram should now be muted
14:05:24 tlr: TPAC registration is open
14:05:29 http://lists.w3.org/Archives/Public/public-xmlsec/2009Jul/0022.html
14:05:31 s/tlr:/fjh:/
14:05:33 Approve
14:05:48 RESOLUTION: minutes from 7th July approved
14:05:59 TOPIC: KDF, KDF3
14:06:01 http://lists.w3.org/Archives/Public/public-xmlsec/2009Jul/0012.html
14:06:13 http://lists.w3.org/Archives/Public/public-xmlsec/2009Jul/0027.html
14:06:22 + +1.512.401.aaii
14:06:28 http://lists.w3.org/Archives/Public/public-xmlsec/2009Jul/0031.html
14:06:36 ack t
14:06:37 zakim, aaii is brich
14:06:37 +brich; got it
14:06:39 + +1.978.244.aajj
14:06:46 fjh: Review Magnus & Kelvin discussion on list
14:06:51 zakim, mute thomas
14:06:51 Thomas should now be muted
14:06:58 jwray has joined #xmlsec
14:07:00 zakim, who is muted?
14:07:00 I see csolc, Thomas, magnus, kyiu, jcc, shivaram muted
14:07:03 ack mag
14:07:41 magnus: Kelvin has raised point that KDF definition in some documents only refers to input string
14:07:44 jcruella has joined #xmlsec
14:08:26 jcruella has joined #xmlsec
14:08:38 magnus: Input string components are defined as attributes, propose renaming our function KDF3 to make this clear
14:08:40 jcruella has joined #xmlsec
14:09:00 magnus: but we are using SP800-56 standard format for the most part
14:09:37 magnus: no strong preferences about name, except that it be somewhat short, and make it clear that is KDF from SP800-53
14:10:52 magnus: algID component text updated in new version checked in this morning, some other components not specified at all yet, no way to do this interoperably, so provisional text added for these two components
14:11:19 magnus: PartyU and PartyV info components
14:11:56 q+
14:12:22 magnus: more full definition probably still needed
14:12:36 fjh: would NIST doc help us with interop if referenced?
14:12:36 q-
14:12:42 ack kyiu
14:12:56 magnus: no, it doesn't define these components or how they are used
14:13:51 kyiu: NIST pushes this up to the application, may be fine to use standardized field in cert, maybe a hash of that component. No interop in NIST doc.
14:14:23 fjh: What about the name?
14:14:42 kyiu: KDF3 implies a more generic version - this is very specific, prefer ConcatKDF or NISTKDF
14:15:23 magnus: KDF3 is actually defined in a number of documents, but maybe NISTKDF is fine if one can reference 800-56 to distinguish from other NIST KDFs
14:15:36 kyiu: ConcatKDF is used by other NIST people
14:16:12 ACTION: magnus to update name to ConcatKDF
14:16:12 Created ACTION-334 - Update name to ConcatKDF [on Magnus Nyström - due 2009-07-21].
14:17:12 fjh: kelvin's concerns about optionality of other document...
14:17:22 kyiu: brian out of office
14:17:45 fjh: thinks bal's concerns are that it clearly be OPTIONAL
14:18:06 TOPIC: generic hybrid cipher
14:18:22 fjh: any concerns with generic hybrid cipher in separate doc?
14:19:19 RESOLUTION: Generic hybrid ciphers will be published as a first public working draft
14:19:50 TOPIC: XML Enc editorial comments
14:19:55 http://lists.w3.org/Archives/Public/public-xmlsec/2009Jul/0034.html
14:20:39 RESOLUTION: Accept XMLEnc edits from Magnus in http://lists.w3.org/Archives/Public/public-xmlsec/2009Jul/0034.html
14:20:55 ACTION: Magnus to integrate http://lists.w3.org/Archives/Public/public-xmlsec/2009Jul/0034.html into XMLEnc
14:20:55 Created ACTION-335 - Integrate http://lists.w3.org/Archives/Public/public-xmlsec/2009Jul/0034.html into XMLEnc [on Magnus Nyström - due 2009-07-21].
14:21:02 TOPIC: Editorial updates
14:21:12 see agenda for details
14:21:12 + +1.425.237.aakk
14:21:56 Please review the section references to RFC 3447
14:22:41 zakim, aakk is gedgar
14:22:41 +gedgar; got it
14:22:44 -kyiu
14:22:53 magnus checked sections for RFC 3447 in both signature and encryption, both are ok now
14:23:12 issue-137?
14:23:12 ISSUE-137 -- Normative reference to DRAFT-HOUSLEY-KW-PAD -- OPEN
14:23:12 http://www.w3.org/2008/xmlsec/track/issues/137
14:23:39 Update XML Encryption 1.1 with explicit URIs for DH choices
14:23:48 http://lists.w3.org/Archives/Public/public-xmlsec/2009Jul/0025.html
14:24:26 cleanup xml encryption
14:24:27 http://lists.w3.org/Archives/Member/member-xmlsec-commits/2009Jul/0028.html
14:24:37 fjh: Thomas has updated derived keys doc to indicate core is superseded
14:24:55 I'm only available on skype until I get my voip account recharged ... may take a few minutes longer
14:25:03 Gerald-e has joined #xmlsec
14:25:52 magnus: added reference to processing instructions for cases where key is derived from other key info, and to distinguish wrapped from derived keys
14:26:14 zakim, Gerald-e is gedgar
14:26:14 sorry, Gerald-e, I do not recognize a party named 'Gerald-e'
14:26:53 fjh: lots of minor editorial work, nearly ready to publish
14:26:55 zakim, gedgar is Gerald-e
14:26:55 +Gerald-e; got it
14:27:20 TOPIC: Signature 1.1 references
14:27:26 http://lists.w3.org/Archives/Public/public-xmlsec/2009Jul/0029.html
14:28:01 http://lists.w3.org/Archives/Public/public-xmlsec/2009Jul/att-0029/XML_sig_11_References_a.htm
14:29:38 RESOLUTION: Accept Cynthia's changes to update working draft
14:30:03 fjh: any volunteers to edit doc for changed references?
14:30:39 zakim, unmute me
14:30:39 Thomas should no longer be muted
14:31:07 ACTION: tlr to update xml signature references and checkin new explain documents
14:31:07 Created ACTION-336 - Update xml signature references and checkin new explain documents [on Thomas Roessler - due 2009-07-21].
14:32:06 action-320?
14:32:06 ACTION-320 -- Brian LaMacchia to draft language for HMAC section, 6.3.1 -- due 2009-06-23 -- CLOSED
14:32:06 http://www.w3.org/2008/xmlsec/track/actions/320
14:32:22 TOPIC: ACTION-320 HMAC language
14:32:46 RESOLUTION: HMAC language complete (ACTION 320)
14:33:03 TOPIC: Draft publication of 1.1 working drafts
14:33:08 http://lists.w3.org/Archives/Public/public-xmlsec/2009Jul/0021.html
14:34:17 sorry if asking something that I should know, but these drafts may be exposed to public comments?
14:34:18 I think sig is ready to publish
14:34:38 OK...
14:35:26 wg agrees to publish xml signature 1.1, incorporating reference updates
14:35:46 RESOLUTION: publish WD of XML Signature 1.1, incorporating reference updates
14:35:46 RESOLUTION: Working group agrees to publish XML Signature 1.1 working draft, incorporating reference updates
14:36:53 RESOLUTION: Working group agrees to publish XML Encryption 1.1 working draft, incorporating ConcatKDF and DH explicit key changes
14:37:15 and additional edits agreed on today's call
14:37:43 RESOLUTION: Working group agrees to accept security algorithms note
14:37:59 RESOLUTION: Working group agrees to publish best practices
14:38:07 q+
14:38:26 RESOLUTION: Working group agrees to publish transform simplification as a working draft
14:38:34 q-
14:38:55 RESOLUTION: Working group agrees to publish new version of derived keys doc
14:38:59 RESOLUTION: publish Note replacement for derived-keys document noting that content has moved into base spec
14:39:22 Publication planned for 23 July
14:40:12 http://www.w3.org/TR/key-encapsulation/
14:40:32 http://www.w3.org/TR/2009/WD-key-encapsulation-20090516/
14:40:51 http://www.w3.org/2008/xmlsec/Drafts/key-encapsulation/key-encapsulation.html
14:41:08 xmlsec-generic-hybrid
14:41:39 RESOLUTION: use xmlsec-generic-hybrid as shortname
14:42:17 action: fjh update explain documents with material from Cynthia
14:42:17 Created ACTION-337 - Update explain documents with material from Cynthia [on Frederick Hirsch - due 2009-07-21].
14:42:27 ACTION: fjh to check in explain documents with material from Cynthia
14:42:27 Created ACTION-338 - Check in explain documents with material from Cynthia [on Frederick Hirsch - due 2009-07-21].
14:43:12 TOPIC: XML Security 2.0
14:43:38 http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-20/Overview.html
14:44:16 converted to xmlspec format
14:44:34 only copied sections that are being changed
14:44:43 unchanged only has headers, should match 1.1
14:45:18 pdatta: 2.0 is still compatible with 1.0, 1.1 only added as new transforms, but old transforms are not in this document
14:47:24 pdatta: most 1.0 use cases can be expressed in 2.0 syntax, some cannot. some c14n features in 2.0 cannot be expressed in 1.0 syntax
14:47:31 magnus-is-back has joined #xmlsec
14:49:11 pratik notes now using subelements as previously discussed, example line s07, in 2.1
14:49:44 pratik: core validation updated to use best practices order of operation
14:51:23 section 3.2.1 has note of what has changed
14:51:24 pratik: section 3.2.1 has changes to c14n for signedinfo element
14:55:35 q?
14:56:05 items for inclusion in document - byte range transforms for binary, note that c14n optional for binary
14:56:08 bhill: add byte range specifiers for binary parameters in 4.4.3.2
14:59:05 pdatta: model is general, c14n could be described for other data types, e.g. database columns
14:59:25 fjh: should compatibility be eliminated from this document, discussed in separate document?
14:59:39 -magnus
14:59:59 scantor: ++ have distinct document or subsection for compat
15:00:10 I agree, backward compatibility and interoperability issues should be in a different document
15:02:20 pdatta: 1.x has been around for a long time, will continue to be in use, may require 1.2 after 2.0
15:02:58 suggest we focus on new material, then once that is stable and good focus on backward compatibility and possible additional material on that
15:03:21 possible syntax translation document, discussion of need for old transforms or mapping them etc
15:04:12 I think we need version e
15:05:42 pdatta: no section for extensibility yet
15:06:13 pdatta: requirements and reasoning - should that be in this document?
15:06:21 fjh: requirements doc is distinct, should refer to that
15:07:02 anil has joined #xmlsec
15:08:11 TOPIC: exclusive c14n errata
15:08:49 anil has left #xmlsec
15:08:59 scantor: klanz should review latest msft updates, re: xpath
15:09:12 zakim, aajj is jwray
15:09:12 +jwray; got it
15:09:26 Present+ John_Wray
15:10:16 action: klanz to review proposed exclusive c14n errata E02, E07
15:10:16 Created ACTION-339 - Review proposed exclusive c14n errata E02, E07 [on Konrad Lanz - due 2009-07-21].
15:10:35 TOPIC: Action item review
15:10:48 http://www.w3.org/2008/xmlsec/track/actions/open
15:12:16 ACTION: thomas to fold upcoming signature erratum into 1.1 working draft
15:12:17 Created ACTION-340 - Fold upcoming signature erratum into 1.1 working draft [on Thomas Roessler - due 2009-07-21].
15:12:46 +??P2
15:13:29 eventually my voip credit arrived sorry for that, let me know if there is anything I can be helpful with today
15:13:31 q+
15:13:48 ack mullan
15:14:10 q?
15:14:29 q+
15:14:35 ack klanz
15:15:52 action-340 update explain as well
15:16:07 action-340: update explanation document as well
15:16:07 ACTION-340 Fold upcoming signature erratum into 1.1 working draft notes added
15:16:50 http://lists.w3.org/Archives/Public/public-xmlsec/2009Jun/0075.html
15:16:58 http://lists.w3.org/Archives/Public/public-xmlsec/2009Jun/0076.html
15:17:12 issue-110?
15:17:12 ISSUE-110 -- Need better definition for "visibly utilizes" in Exc-C14N -- OPEN
15:17:12 http://www.w3.org/2008/xmlsec/track/issues/110
15:17:31 Konrad notes E02 looks ok
15:18:45 action-228?
15:18:45 ACTION-228 -- Gerald Edgar to send a message to the list of closed issues and how they were closed -- due 2009-03-10 -- OPEN
15:18:45 http://www.w3.org/2008/xmlsec/track/actions/228
15:20:13 issue-130?
15:20:13 ISSUE-130 -- How does canonicalization deal with xsi:type -- OPEN
15:20:13 http://www.w3.org/2008/xmlsec/track/issues/130
15:20:33 issue-130 closed
15:20:33 ISSUE-130 How does canonicalization deal with xsi:type closed
15:20:54 c14n 2.0 explicitly deals with this
15:21:06 issue-129?
15:21:06 ISSUE-129 -- C14N should notice xml:space -- OPEN
15:21:06 http://www.w3.org/2008/xmlsec/track/issues/129
15:21:12 issue-129 closed
15:21:12 ISSUE-129 C14N should notice xml:space closed
15:21:18 also dealt with in c14n 2.0
15:21:38 issue-126?
15:21:38 ISSUE-126 -- Clarify XMLENC Section 5.8 (Message Authentication) -- OPEN
15:21:38 http://www.w3.org/2008/xmlsec/track/issues/126
15:22:02 q+
15:22:12 ack klanz2
15:22:12 ack kl
15:22:26 with parent E -> that is also in E's attribute axis
15:23:10 that is more accurate
15:23:26 An element E in a document subset visibly utilizes a namespace declaration,
15:23:28 s/with parent E/that is also in E's attribute axis/
15:23:50 http://lists.w3.org/Archives/Public/public-xmlsec/2009Jun/0076.html
15:23:50 http://lists.w3.org/Archives/Public/public-xmlsec/2009Jun/0076.html
15:23:54 http://www.w3.org/TR/xml-exc-c14n/
15:25:13 I don't understand this well.
15:26:12 -shivaram
15:26:41 RESOLUTION: accept errata 02 and 07 for exclusive c14n
15:26:56 action: thomas to update exc-c14n errata
15:26:56 Created ACTION-341 - Update exc-c14n errata [on Thomas Roessler - due 2009-07-21].
15:27:56 q+
15:28:12 ack klanz
15:29:24 proposal post corrected copy of exclusive c14n schema in new public location, without changing namespace
15:29:39 reason is that current one is unusable, does not validate
15:30:32 this captures the E02 fix
15:30:42 http://lists.w3.org/Archives/Public/public-xmlsec/2009Jun/0075.html
15:31:48 http://www.w3.org/TR/xml-exc-c14n/exc-c14n.xsd
15:31:56 current definition
15:32:14 idea is to post corrected schema and reference from errata, without changing currently posted definition
15:32:39 alternative is to edit current version, since it was unusable
15:32:51 RESOLUTION: post corrected copy of exclusive c14n schema in new public location, without changing namespace
15:33:23 ACTION: thomas to post updated exc-c14n schema
15:33:23 Created ACTION-342 - Post updated exc-c14n schema [on Thomas Roessler - due 2009-07-21].
15:33:38 is there a dated URI available
15:33:53 ACTION: tlr provide link to updated schema in exclusive c14n document
15:33:53 Created ACTION-343 - Provide link to updated schema in exclusive c14n document [on Thomas Roessler - due 2009-07-21].
15:34:04 leave dated uri as is ... make new one ... and relink http://www.w3.org/TR/xml-exc-c14n/exc-c14n.xsd
15:34:12 http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718/exc-c14n.xsd
15:34:18 that's what I'd advocate fore
15:34:26 s/fore/for/
15:35:44 work item is to update exclusive c14n to 2nd edition, incorporating schema fix
15:36:15 ok, bye...
15:36:31 -csolc
15:36:33 -pdatta
15:36:35 -brich
15:36:36 -sean
15:36:38 pdatta has left #xmlsec
15:36:40 -Gerald-e
15:36:48 -klanz2
15:36:52 -Thomas
15:37:08 zakim, list participants
15:37:08 As of this point the attendees have been +1.443.370.aaaa, Frederick_Hirsch, Cynthia, +1.617.876.aabb, +5aacc, sean, +1.303.229.aadd, bhill, Thomas, csolc, +0468725aaee,
15:37:11 ... +1.206.992.aaff, +1.614.247.aagg, kyiu, scantor, pdatta, magnus, jcc, +1.408.907.aahh, shivaram, +1.512.401.aaii, brich, +1.978.244.aajj, +1.425.237.aakk, Gerald-e, jwray,
15:37:14 ... klanz2
15:37:14 -Cynthia
15:37:19 RRSAgent, generate minutes
15:37:19 I have made the request to generate http://www.w3.org/2009/07/14-xmlsec-minutes.html fjh
15:37:24 -scantor
15:37:26 -jcc
15:37:32 rrsagent, make log public
15:38:02 Regrets: Brian LaMacchia, Ed Simon
15:38:14 Scribe: Brad Hill
15:40:01 Present+ Scott_Cantor, Gerald_Edgar, Shivaram_Mysore, Sean_Mullan, Kelvin_Yui, Pratik_Datta,Magnus_Nystrom,Juan-Carlos_Cruellas,Bruce_Rich
15:40:23 RRSAgent, generate minutes
15:40:23 I have made the request to generate http://www.w3.org/2009/07/14-xmlsec-minutes.html fjh
15:41:04 -jwray
15:41:37 Present+ John_Wray
15:41:45 RRSAgent, generate minutes
15:41:45 I have made the request to generate http://www.w3.org/2009/07/14-xmlsec-minutes.html fjh
15:42:21 -Frederick_Hirsch
15:42:35 -bhill
15:42:36 T&S_XMLSEC()10:00AM has ended
15:42:37 Attendees were +1.443.370.aaaa, Frederick_Hirsch, Cynthia, +1.617.876.aabb, +5aacc, sean, +1.303.229.aadd, bhill, Thomas, csolc, +0468725aaee, +1.206.992.aaff, +1.614.247.aagg,
15:42:41 bhill has left #xmlsec
15:42:42 ... kyiu, scantor, pdatta, magnus, jcc, +1.408.907.aahh, shivaram, +1.512.401.aaii, brich, +1.978.244.aajj, +1.425.237.aakk, Gerald-e, jwray, klanz2