See also: IRC log
<trackbot> Date: 09 March 2010
<fjh> ScribeNick: kwouters
<fjh> No teleconference 16 or 23 March. Next teleconference 30 March.
<fjh> Updated C14N20 and Signature 2.0 WDs published
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2010Mar/0045.html
<fjh> 2 March minutes
<fjh> http://www.w3.org/2010/03/02-xmlsec-minutes.html
RESOLUTION: Minutes from 2 March 2010 approved.
<fjh> Proposed RESOLUTION: Minutes from 2 March 2010 approved.
<fjh> C14N20 and Signature 2.0
<fjh> XML Security RNG Schemas draft
<fjh> http://www.w3.org/2008/xmlsec/Drafts/xmlsec-rngschema/Overview.html
<fjh> Algorithms Cross Reference
<fjh> http://www.w3.org/2008/xmlsec/Drafts/xmlsec-algorithms/
<fjh> Generic Hybrid Ciphers
<fjh> Incorporated edits from Magnus to address ACTION-534
<fjh> ISSUE-191?
<trackbot> ISSUE-191 -- XML Signature 1.1 and XML Encryption 1.1 use different URIs for sha384. -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/191
<fjh> http://www.w3.org/2001/04/xmlenc#sha384 (in XML Signature 1.1)
<fjh> http://www.w3.org/2001/04/xmldsig-more#sha384 (in XML Encryption 1.1)
<scantor> sorry, VOIP client
don't understand
<Cynthia> Can't hear you either
<scantor> I'm saying people are using the old strings
<scantor> but why was the RFC allowed to expire?
<scantor> I think we have to use the old strings
<fjh> proposed RESOLUTION: use http://www.w3.org/2001/04/xmldsig-more#sha384 for backward compatibility
<scantor> are any other algs affected?
<scantor> I mean other algs
<scantor> SHA256, etc
<scantor> probably need to review that, by looking at anything defined in the RFC
<scantor> double checking, but I believe those are defined in the Apache C++ lib
<scantor> (the "more" URIs)
RESOLUTION: use http://www.w3.org/2001/04/xmldsig-more#sha384 for backward compatibility
<fjh> ACTION: fjh to review sha384 with tlr, re cross-ref, sig [recorded in http://www.w3.org/2010/03/09-xmlsec-minutes.html#action01]
<trackbot> Created ACTION-541 - Review sha384 with tlr, re cross-ref, sig [on Frederick Hirsch - due 2010-03-16].
<fjh> issue-192?
<trackbot> ISSUE-192 -- Namespaces for DerivedKey and pbkdf2 outside of xenc11 namespace -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/192
<fjh> use namespace http://www.w3.org/2009/xmlenc11
<fjh> RESOLUTION: resolve ISSUE-192 as Thomas proposed, using enc11 namespace
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2010Mar/0046.html
<scantor> the one comment I had on the RNG stuff was that the explosion of combinations in an attempt to constrain everything may create more errors
<scantor> yes, that's what concerns me
<scantor> I don't read RNG, it's more of a general comment
<scantor> they're non-normative, so I guess it's moot, just stating a viewpoint
<scantor> (I think it is helping with spec review, separate issue)
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2010Mar/0049.html
<fjh> ECKeyValue, http://lists.w3.org/Archives/Public/public-xmlsec/2010Mar/0050.html
<fjh> issue: Is "the ECPublicKey element" in Encryption 1.1 and Signature 1.1
<trackbot> Created ISSUE-193 - Is "the ECPublicKey element" in Encryption 1.1 and Signature 1.1 ; please complete additional details at http://www.w3.org/2008/xmlsec/track/issues/193/edit .
<fjh> actually the ECKeyValue element?
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2010Mar/0051.html
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2010Mar/0053.html
<fjh> XML Encryption uses <any namespace="##other"> but
<fjh> XML Encryption 1.1 uses <any namespace="##any">.
<fjh> Is this intentional? Do you really want to allow elements
<fjh> of the namespace http://www.w3.org/2009/xmlenc11#?
<scantor> but he's saying it changed, right?
<fjh> believe the answer is yes, intentional, cannot change older schemas
<scantor> why would we have changed it from 1.0 to 1.1?
<scantor> I haven't looked to see if he's right, but that sounds like a bug
<fjh> need to check where specifically this is, is it new, or a change
<scantor> sure, just capture the links for me
<fjh> ACTION: scott to check on issue related to other and any in XML Enc, see http://lists.w3.org/Archives/Public/public-xmlsec/2010Mar/0053.html [recorded in http://www.w3.org/2010/03/09-xmlsec-minutes.html#action02]
<trackbot> Created ACTION-542 - Check on issue related to other and any in XML Enc, see http://lists.w3.org/Archives/Public/public-xmlsec/2010Mar/0053.html [on Scott Cantor - due 2010-03-16].
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2010Mar/0044.html
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2010Mar/0042.html
<fjh> Believe all changes incorporated by Thomas and this is done
http://lists.w3.org/Archives/Member/member-xmlsec/2010Mar/0010.html
<fjh> XML Encryption 1.1
<fjh> Generic Hybrid Ciphers
<fjh> XML Security RNG Schemas
<fjh> XML Security Algorithm Cross-Reference
no meeting in june
<fjh> proposed RESOLUTION: Plan tentatively for F2F at TPAC, Mon-Tue, 1-2
<fjh> November
<fjh> http://lists.w3.org/Archives/Member/member-xmlsec/2010Mar/0008.html
<Cynthia> I have no issues with the dates
RESOLUTION: Plan tentatively for F2F at TPAC, Mon-Tue, 1-2 November.
<scantor> yes
<fjh> ISSUE-43?
<trackbot> ISSUE-43 -- Improvements to XML Signature schema -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/43
usiie-435?
<scantor> I added various notes to the issue to bring it up to date
issue-43?
<trackbot> ISSUE-43 -- Improvements to XML Signature schema -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/43
<scantor> I noted a couple of possible outstanding concerns we might look at
<fjh> The problem with mixed content models really can't be fixed at this point, but we could choose to include normative "SHOULD NOT" language around some of the elements.
<fjh> Finally, the X509IssuerSerial problem is severe enough that we might choose to address it. We could do so by non-normatively suggesting that implementations relying on schema validation use a modified schema that re-types the serial number as a string, or we could define a new child element in place of the original. It seems like for most implementations the modified schema approach would be sufficient and cause the least trouble. [Scott Cantor]
<scantor> probably, yeah
<scantor> sure
<fjh> ACTION: scantor to make proposals for the last two points noted in ISSUE-43 comments [recorded in http://www.w3.org/2010/03/09-xmlsec-minutes.html#action03]
<trackbot> Created ACTION-543 - Make proposals for the last two points noted in ISSUE-43 comments [on Scott Cantor - due 2010-03-16].
ISSUE-162?
<trackbot> ISSUE-162 -- Will reliable determination of Object elent type and encoding be possible under 2.0 Transform -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/162
<fjh> need to find use case relevant to issue-162, then determine how it works or not with 2.0
<fjh> ACTION: pratik to review ISSUE-162 [recorded in http://www.w3.org/2010/03/09-xmlsec-minutes.html#action04]
<trackbot> Created ACTION-544 - Review ISSUE-162 [on Pratik Datta - due 2010-03-16].
<Cynthia> Any status on the RIM IPR?
<fjh> Efforts are still underway, no new news to report now.