[1]W3C [2]XML Encryption WG [1] http://www.w3.org/ [2] http://www.w3.org/Encryption/2001/Overview.html 2001-May-15 Chair: Joseph Reagle Note Taker: Joseph Reagle [3]text] [3] http://www.w3.org/Encryption/2001/Minutes/010514-tele.html,text Participants * Joseph Reagle, W3C * Blair Dillaway, Microsoft * Frederick Hirsch, Zolera * Katherine Betz, IBM * Eric E. Cohen, PricewaterhouseCoopers LLP * Donald Eastlake 3rd, Motorola * Mark Scherling, RSA * John Velissarios, PricewaterhouseCoopers LLP * Ed Simon, * "Rags" Srinivas * Cicy Guiney(?), Baltimore * Dan Toth, Ford * Mimi Tran, Verisign * Amir Herzberg, NewGenPay * David Stern, Intel * David Solo, Citigroup News * Reagle: will post logistics of July 20th FTF later today. There's the possibility of a XKMS Workshop on July 19th, but the deadline for making that announcement is this Thursday, so if everything isn't ready by then, a later date will be considered. Status of documents * Plans: First Spec Working Draft mid-June; also a Requirements Last Call at the same time. Might be able to publish [4]Decryption Transform for XML Signature then as well. [4] http://lists.w3.org/Archives/Public/xml-encryption/2001May/att-0005/01-dt-note.html Reviewing [5]Previous Items [5] http://www.w3.org/Encryption/2001/Minutes/010319-tele.html 1. Imamura: [6]Does this mean the KeyRetrievalMethod element must not occur within the KeyInfo element of an EncryptedKey element? + Dillaway will send tweaked text to generalize to the list. [7]Dillaway proposed text, [8]Reagle included it in the latest proposal. 2. Eastlake: draft a more complete algorithm section including algorithm profiles and IV checksum cipher data values. Done: first draft accomplished, WG should comment. 3. Maruyama: update the Encryption/Signature Transform. Update Security Considerations, add a scenario or two (and maybe borrow "enc:DataRef" instead of using "EncryptedReference"). Done: [9]Decryption Transform for XML Signature, WG should comment. 4. Maruyama: an email exploring the question of our processing model and the relationship between DOM, Infoset, and serialization and the issue related to using current parsers to get a pointer to a byte where element starting "<" is. Done: Takeshi reports he believes we should maintain the octet processing model, though it may make DOM/Infoset based implementations more tricky. Dillaway: also believes this is the right approach. [6] http://lists.w3.org/Archives/Public/xml-encryption/2001Apr/0011.html [7] http://lists.w3.org/Archives/Public/xml-encryption/2001May/0002.html [8] http://lists.w3.org/Archives/Public/xml-encryption/2001May/0008.html [9] http://lists.w3.org/Archives/Public/xml-encryption/2001May/att-0005/01-dt-note.html Requirements * [10]Support for signing plaintext and ciphertext via . Herzberg: how to address the signing of a message over which portions of which will be subsequently encrypted (both signature and encryption are by the author). This is a follow-up to earlier threads on security of encrypted&signed text, where the signature should not leak information about the plaintext now purposefully obscured by the encryption. Reagle: Let's continue this discussion on the list (and also look at [11]Decryption Transform for XML Signature.) * [12]Kudos and Comments on XML Encryption Requirements working draft (Miller) Action Reagle: respond. [10] http://lists.w3.org/Archives/Public/xml-encryption/2001May/0000.html [11] http://lists.w3.org/Archives/Public/xml-encryption/2001May/att-0005/01-dt-note.html [12] http://lists.w3.org/Archives/Public/xml-encryption/2001Apr/0028.html Draft * Can we move away from KeyRetrievalMethod towards RetrievalMethod with a particular type? (Not much more discussion on the list, let's decide one way or the other.) Action: Reagle check with Schaad, otherwise no opposition. * Imamura: [13]Does CipherData include CryptoBinary or a set of Transforms? Reagle: We probably need a new element, what should we call it? + Need some new structure, two candidates include 1. Reagle: Two children of CipherData: Reference and Value. 2. Eastlake: Two alternatives to replace CipherData: Cipher(Data|Value) and CipherReference Reagle: I created a CipherReference and CipherValue as children of CipherData for expositional convenience. Dillaway and Simon support this, Don still prefers option 2 (not needing the extra level of nesting) but it isn't a show-stopper issue. * NameKey: needs a better name. Candidates include "FriendlyKeyName" (discussed on last call), "CarriedKeyName" (now proposed by Reagle), or "NamedKeySelection" or "KeyIndex" (proposed by Hirsch). Not much more discussion on the list, let's decide one way or the other: CarriedKeyName. * [14]Farrell: Is whitespace in KeyName significant? Simon: strip the trailing and beginning white space, but otherwise you should be careful. Reagle: Isn't this a dsig issue, should we specify processing behavior for elements in the dsig namespace? Action Eastlake: will post message to xmldsig list. * Dillaway: distinction between Element and children not really necessary. Trying to simplify, not a strong proposal. Reagle, investigate, option of renaming itself. [13] http://lists.w3.org/Archives/Public/xml-encryption/2001Apr/0016.html [14] http://lists.w3.org/Archives/Public/xml-encryption/2001Apr/0020.html Misc. * Next call on June 11. * Reagle will be in Europe from May 22 -May 29th for [15]XML 2001 Europe. dsig/xenc [16]presentation on Friday. * Simon will be giving a [17]tutorial earlier in the week. [15] http://www.gca.org/attend/2001_conferences/europe_2001/ [16] http://www.gca.org/attend/2001_conferences/europe_2001/businessimp.htm [17] http://www.gca.org/attend/2001_conferences/europe_2001/tutorialsmon.htm