XML Security Working Group Teleconference
24 Nov 2009


See also: IRC log


Thomas Roessler, Scott Cantor, Cynthia Martin, Ed Simon, Bruce Rich, Hal Lockhart, Chris Solc,
Pratik Datta, Gerald Edgar
Frederick Hirsch
Thomas Roessler
Scott Cantor




<trackbot> Date: 24 November 2009

<tlr> ScribeNick: scantor


<tlr> http://lists.w3.org/Archives/Member/member-xmlsec/2009Nov/att-0013/minutes-2009-11-05.html

<tlr> http://lists.w3.org/Archives/Member/member-xmlsec/2009Nov/att-0013/minutes-2009-11-06.html

<tlr> RESOLUTION: minutes approved

Editorial Updates

Frederick working on converting 1.1 specs


ISSUE-155 Add AES-GCM to XML Encryption 1.1

<tlr> issue-155?

<trackbot> ISSUE-155 -- Add AES-GCM to XML Encryption 1.1 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/issues/155

pdatta: made proposal, Brian supposed to review

EXI and XML Encryption

tlr: working on review of section 4 of xmlenc
... has discussed using EXI for c14n, rough idea on how it would work
... not something to hold 1.1 for
... but something useful to do here

ISSUE-82, support for range of key sizes

No discussion

ISSUE-91, ECC update

No discussion

Requirements publication

tlr: waiting on ISSUE-63 and ISSUE-9

hlockhar: will try to look at BSP before next call

ACTION-441 to review BSP 1.1 by Cynthia

<tlr> action-386?

<trackbot> ACTION-386 -- Hal Lockhart to look at WS-I BSP constraints on DSig -- due 2009-10-13 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/386

<tlr> action-441?

<trackbot> ACTION-441 -- Cynthia Martin to review BSP 1.1 (http://www.ws-i.org/Profiles/BasicSecurityProfile-1.1.html) with respect to Signature 1.1 and Encryption 1.1 -- due 2009-11-13 -- OPEN

<trackbot> http://www.w3.org/2008/xmlsec/track/actions/441

<Cynthia> I am almost done with Action 441- will send the comments to the list shortly, srory missed my name

<Cynthia> I also reviewed the MQQ papers

<Cynthia> I am not adding additonal ones to v1.1

action review

no pending items to close

namespace wrapping attacks

tlr: observed email exchange on wrapping attacks with Ed Simon

esimon2: received a paper from German researchers to post to list, along same lines as my thinking
... should be able to close action related to unsigned namespace decls

tlr: any mitigations to get into 1.1?

esimon2: I think so, but may need discussion

Summary of Action Items

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.135 (CVS log)
$Date: 2009/12/08 15:11:20 $