This document summarizes the changes that the XML Security Working Group has made to the XML Encryption Syntax and Processing Specification in preparing a proposed 1.1.
Updated to use ReSpec.js
Updated formatting of examples.
Updated grammar replacing 'which' with 'that' as appropriate.
Updated to Version 1.1, updated date and version links. Updated editor information to add Magnus Nyström and Kelvin Yiu as editors.
Updated to reflect status of 1.1 version.
Add subsections to section 3.5 for key derivation.
Add subsections to section 5 for algorithm subsections.
Split Section 10, References, into Normative and Informative reference subsections.
Update to Acknowledgements
Added warning about examples regarding possible plaintext attacks.
Removed MimeType from EXI example, updated text before example with explanation.
Fixed example, removing extra closing slash, per LC-2420.
EncryptedType
ElementFixed typo, "descendants"
Added sentence at end of section regarding optional use of MimeType with EXI.
CipherReference
ElementClarified that the syntax of URI and Transforms is defined in XML Signature.
CipherData
ElementClarified that the base64 encoded text is contained as element content when CipherValue element is used.
EncryptedData
ElementAdd element content to the possibilities that also include replacement or a new document root.
EncryptedKey
ElementChange "is to" to "MUST" for "The value of the key MUST
be the same in all EncryptedKey
elements
identified with the
same CarriedKeyName
label within a single XML
document."
Fixed typos, "inherited", "unambiguous"
DerivedKey
elementAdded new subsection describing this new
ds:KeyInfo
child.
Added the following:
KeyDerivationMethod
optional element, DerivedKeyName
optional
element, and Id
attribute.
ds:RetrievalMethod
elementAdded DerivedKey
to description of use
of RetrievalMethod
.
Removed fixed
attribute in schema attribute
definition.
ReferenceList
elementAdded DerivedKey
to section text.
EncryptionProperties
elementAdded section for EncryptionProperties Element identifier.
Refactored 4.1-4.4 to clarify what parts of the processing
model are normative and what aren't; adding Type
parameter for EXI; adding processing for EXI.
Clarified text noting that encryption can often cause the document with encrypted parts to become invalid with respect to its schema.
To avoid possible confusion with encryption transforms, changed "transforms on octets" to "operations on octets" in first paragraph.
Changed "MANDATORY to" to "be required by" for discussion of what other specifications might require.
Fixed typo, removed " fed is".
Added text regarding consensus issues on mandatory to implement algorithms
Added AES-128|192|256-pad key wrap mechanisms as OPTIONAL.
Changed SHA-1 to REQUIRED, but DISCOURAGED.
Changed SHA-256 to REQUIRED
Added SHA-384 as OPTIONAL
Added Canonical XML 1.1 (omit comments) as OPTIONAL
Added Canonical XML 1.1 with comments as OPTIONAL
Removed Message Authentication (not normative)
Added key derivation algorithms, ConcatKDF as REQUIRED, PBKDF2 as OPTIONAL.
Added Key Agreements, Diffie-Hellman Key Agreement (Ephemeral-Static mode) with Legacy Key Derivation Function and explicit Key Derivation Functions as Optional, and Elliptic Curve Diffie-Hellman (Ephemeral-Static mode) as REQUIRED,
Fixed typo, "refer"
New section added defining two key derivation algorithms, ConcatKDF and PBKDF2.
Removed default from PRFAlgorithmIdentifierType. Added recommendation to use HMAC-SHA256 with PBKDF2 instead of HMAC-SHA1.
Updated RFC 2437 to RFC 3447. Adjusted section reference appropriately.
Added CipherValue
to CipherData
example.
Revised normative language requiring support of 192-bit TRIPLEDES keys to use MUST.
Updated RFC 2437 to RFC 3447. Adjusted section references appropriately.
Updated example to have no spaces in OAEPparams
element
content.
Added paragraph on declaration of Key derivation algorithms
using xenc11:KeyDerivationMethod
using
the xenc:AgreementMethodType
.
Updated example to
include KeyDerivationMethod
.
Moved identifier from this section to new section on legacy KDF, section 5.6.2.2.
Modified discussion to include use of KDF to produce secret key using explicit or legacy KDFs.
Clarified implementation requirements.
New section describing explicit key derivation functions.
New section containing identifier and original material for KDF described in previous version of XML Encryption. Clarified implementation requirement.
New section defining ECDH key value URI and use.
New section defining ECDH-ES key agreement algorithm URI and use.
Revised introduction paragraph and description for clarity.
Removed Section 5.6.1 - Checksums - as it was not required after making the change to 5.6.2 and 5.6.3 (see below).
Removed detailed, step-by-step description of Triple-DES key wrap from (what used to be) 5.6.2, replaced with reference to IETF RFC 3217.
Removed detailed, step-by-step description of AES key wrap from (what used to be) 5.6.3, replaced with reference to RFC 3397.
Section 5.7.3: Changed reference from DRAFT-HOUSLEY-KW-PAD to AES-WRAP-PAD to match changed tag associated with RFC publication.
Added text to explain reason for discouraging use of SHA-1.
Removed REQUIRED for SHA1.
Changed RECOMMENDED to REQUIRED for SHA256.
Added new section for SHA384.
Section deleted as per resolution on WG call 20090602.
Added XML Canonicalization 1.1 (both omitting and with comments)
Fixed typo, space between [Davis] reference and period.
Fixed typos, "initialization", "resistance"
New security consideration for implementations to limit information included in error responses for security algorithms.
Changed "MIME media type name" to "Type name" and "MIME subtype name" to "Subtype name"
Added reference to XML Encryption 1.1 as well as XML Encryption 1.0
Changed contact information from Joseph Reagle to "World Wide Web Consortium <web-human at w3.org>"
Fixed typo, "exercises"
Added XML Encryption 1.1 XSD Schema instance
Removed "Examples" from section title.
Noted that example is not normative.
Split references section into normative and informative sections.
Added links for references
Updated SHA reference to FIPS-186-3
Updated XML Signature reference to XML Signature 1.1
Updated Glossary RFC 2828 to RFC 4949
Added Media Types RFC 3023 update to MIME-REG RFC 2048 reference
Updated UTF-8 RFC 2279 to RFC 3629
Updated URI RFC 3406 to RFC 3986
Updated X509v3 from ISO/IEC 9594-8:1997 to 9594-8:2001, added link
Updated RFC 1750 to RFC 4086
Updated RFC 239x6 to RFC 3986
Updated RFC 2437 to RFC 3447
Updated Reference for FIPS-186-3 to reflect final publication.
Added reference to recent work on SHA-1 analysis (to be changed once paper appears on IACR.org).
Updated the following references to reflect final publication: AES-WRAP, SHA, XML-DSIG, XMLDSIG11, Glossary, MIME-REG, XML 1.0 and UTF-8.
Replaced reference DRAFT-HOUSLEY-KW-PAD with AES-WRAP-PAD now that the reference has been published as RFC 5649.
Added web link for ANSI X9.52.
Removed the old XML Signature reference, retaining only reference for Signature 1.1, naming it XML-DSIG.
Added informative reference to ANSI X9.44-2007.
Added D. McGrew, K. Igoe, M. Salter. reference for ECC-ALGS, Fundamental Elliptic Curve Cryptography Algorithms.
Reformatted and sorted by using ReSpec.js bibliography tool (updated common bibliography)