Regarding ACTION-528 (ISSUE-188)

Dear all,
This is in response to ACTION-528 that was assigned to me during this week's call.

I reviewed the latest XML DSig draft and the latest XML Enc draft. I am not sure when the text in Section 4.5.8 of XML DSig 1.1 got added, but it is, as Frederick noticed, clearly not correct. I suggest a change to:

"
4.5.8 XML Encryption EncryptedKey and DerivedKey Elements
The <xenc:EncryptedKey> and <xenc11:DerivedKey> elements defined in [XMLENC-CORE1<http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.htm#bib-XMLENC-CORE1>] as children of ds:KeyInfo can be used to convey in-band encrypted or derived key material. In particular, the <xenc:DerivedKey> element may be present when the key used in calculating a Message Authentication Code is derived from a shared secret.
"

Also, I noted that the current draft of XML Enc 1.1 (at http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/) does not link to the 1.1 schema (of which I found one copy at: http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/xenc-schema-11.xsd), but rather twice to the 1.0 schema (at http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/xenc-schema.xsd).

-- Magnus

Received on Monday, 1 March 2010 05:10:14 UTC
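
An added illustration of the proposed 4.5.8 text (not part of the original message or of either draft): a verifier resolving a DerivedKey child of ds:KeyInfo into an HMAC key and rejecting weak derivation parameters. Element names and algorithm URIs follow XML Encryption 1.1 as later published and may differ from the draft discussed here; the secret table, the policy floor, the function names and all sample values are constructed assumptions.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

NS = {"xenc11": "http://www.w3.org/2009/xmlenc11#"}
PBKDF2 = "http://www.w3.org/2009/xmlenc11#pbkdf2"
PRFS = {"http://www.w3.org/2001/04/xmldsig-more#hmac-sha256": "sha256"}
MIN_ITERATIONS = 1000  # local policy floor (assumption, not from the spec text)

# Constructed sample KeyInfo; salt, iteration count and key name are made up.
KEY_INFO = """<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:xenc11="http://www.w3.org/2009/xmlenc11#">
  <xenc11:DerivedKey>
    <xenc11:KeyDerivationMethod Algorithm="http://www.w3.org/2009/xmlenc11#pbkdf2">
      <xenc11:PBKDF2-params>
        <xenc11:Salt><xenc11:Specified>Y29uc3RydWN0ZWQtc2FsdA==</xenc11:Specified></xenc11:Salt>
        <xenc11:IterationCount>2000</xenc11:IterationCount>
        <xenc11:KeyLength>32</xenc11:KeyLength>
        <xenc11:PRF Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"/>
      </xenc11:PBKDF2-params>
    </xenc11:KeyDerivationMethod>
    <xenc11:MasterKeyName>demo-shared-secret</xenc11:MasterKeyName>
  </xenc11:DerivedKey>
</ds:KeyInfo>"""

def derive_key(key_info_xml, secrets):
    """Resolve the xenc11:DerivedKey in a ds:KeyInfo to key bytes, else ValueError."""
    # ElementTree is used for brevity; parse untrusted XML with a hardened parser.
    root = ET.fromstring(key_info_xml)
    method = root.find("xenc11:DerivedKey/xenc11:KeyDerivationMethod", NS)
    if method is None or method.get("Algorithm") != PBKDF2:
        raise ValueError("missing or unsupported key derivation method")
    try:
        p = method.find("xenc11:PBKDF2-params", NS)
        salt = base64.b64decode(p.findtext("xenc11:Salt/xenc11:Specified", namespaces=NS))
        count = int(p.findtext("xenc11:IterationCount", namespaces=NS))
        length = int(p.findtext("xenc11:KeyLength", namespaces=NS))  # treated as octets
        prf = PRFS[p.find("xenc11:PRF", NS).get("Algorithm")]  # allow-list of PRFs
        name = root.findtext("xenc11:DerivedKey/xenc11:MasterKeyName", namespaces=NS)
        secret = secrets[name]  # shared secret is looked up locally, never sent in-band
    except (AttributeError, TypeError, KeyError) as exc:
        raise ValueError("incomplete or unknown PBKDF2 parameters") from exc
    if count < MIN_ITERATIONS or length < 16:
        raise ValueError("derivation parameters below local policy")
    return hashlib.pbkdf2_hmac(prf, secret, salt, count, length)

def verify_hmac(key_info_xml, secrets, signed_info, mac):
    """Check an HMAC-SHA256 value over canonicalized SignedInfo bytes."""
    expected = hmac.new(derive_key(key_info_xml, secrets), signed_info, hashlib.sha256).digest()
    return hmac.compare_digest(expected, mac)
```

The sender's parameters are treated as untrusted input: only the shared secret stays local, so the iteration count, key length and PRF are checked against policy before any key is derived.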