See also: IRC log
<trackbot> Date: 03 March 2009
<fjh> Agenda: http://lists.w3.org/Archives/Public/public-xmlsec/2009Mar/0002.html
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2009Feb/0125.html
<fjh> do not need first sentence in this, or the transition request sentence in middle
<fjh> Rob Miller will scribe next week
<scribe> ACTION: brich: send an announcement to ws federation tc about published security drafts [recorded in http://www.w3.org/2009/03/03-xmlsec-minutes.html#action01]
<trackbot> Created ACTION-226 - Send an announcement to ws federation tc about published security drafts [on Bruce Rich - due 2009-03-10].
<fjh> please inform within your companies about FPWD and ask for comment, also if you know other communities that need to know
<fjh> extend announcement to SSTC, WS-SX and Liberty TEG, IETF, W3C chairs, W3C XML Coordination
<fjh> Next week's call (and through 29 March) 1 hour earlier outside the US
<fjh> http://lists.w3.org/Archives/Member/member-xmlsec/2009Mar/0000.html
<fjh> AC Rep call for exclusions
<fjh> http://lists.w3.org/Archives/Member/member-xmlsec/2009Feb/0042.html
<fjh> Minutes from 17 February 2009
<fjh> http://www.w3.org/2009/02/17-xmlsec-minutes.html
<fjh> Minutes from 24 February 2009
<fjh> http://www.w3.org/2009/02/24-xmlsec-minutes.html
<fjh> note that Shivaram should be added to regrets for 24th and previous meeting
http://www.w3.org/2009/02/17-xmlsec-minutes.html
Resolution: Minutes approved for
Feb 17
Resolution: Minutes approved for
Feb 24
<fjh> First Public Working Drafts published
<fjh> http://www.w3.org/News/2009#item25
<fjh> Status updated on wiki
<esimon2> I (Ed Simon) am (incorrectly) still listed in the regrets for the Feb. 17 minutes.
<fjh> http://www.w3.org/2008/xmlsec/wiki/PublicationStatus
fjh: xml core should review the
draft
... EXI or XPROC should review?
smullan: do we have a time line on inter-op
fjh: it is a topic for the WG
smullan: would like a time line for planning reasons
fjh: should we plan for inter-op
for sometime in may?
... we need to prep for inter-op
smullan: may too close, June/July better?
fjh: may deadline to get
prep-work done?
... who can help do the prep work for inter-op?
... do a little work each week,
smullan: does any one have an implementation under way?
<fjh> Should start early and have some continuous progress in advance of May
kelvin: won't have implementation to use as a reference
<fjh> kelvin suggests listing test case cases and breaking down by area
kelvin: would be useful to breakdown test cases by area
fjh: is there anyone in the
position where they can look at a particular
... should come around to this next week after people think
about how to go forward
... concerned about algorithm inter-op
... can kelvin take lead on ECC algorithms
... do we need a questionnaire
... where are people at with inter-op
... is it an issue of timing or resources
<brich> are there some known-answer tests for some of the EC stuff that we could use to prime the effort, to leverage us forward?
fjh: members need to start at looking at how and when they can participate in inter-op
<brich> ability to participate is going to be somewhat dependent on the scope that is chosen for the inter-op
<fjh> Widget 1.0 Signature updated
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2009Mar/0000.html
fjh: will share updates, and would like feedback on the above spec
<fjh> #ecdsa-ripemd160, #rsa-whirlpool, #ecdsa-whirlpool to XML Security
<fjh> Algorithm Cross-Reference
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2009Feb/0110.html
<fjh> bal notes RIPEMD360 shows up in a bunch of EU specifications, but like SHA-1 is short, without known attacks
bal: concerned should we be
adding algorithms at the short bit lengths
... can we get a reference to where the above algorithms are
being used
... we don't want to include references to everything
<fjh> request references for the algorithm's use, notes regarding security level before adding them
bal: needs some info on why we should use these algorithms
fjh: should go back to Konrad to get some additional info
brich: is the inclusion of the Uri an endorsement?
fjh: doesn't think it is an endorsement
bal: we should be should
inclusive if there is a real use.
... should set a min bar
... should not include a broken algorithm unless we boldly note
that
<fjh> XML Encryption mandatory Key Agreement Algorithms
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2009Feb/0113.html
magnus: Observation that we are mandating a particular curve in signature but not in encryption spec
<fjh> there is no mandatory to implement curve for EC D-H
<fjh> Two key agreement algorithms are defined, Diffie-Hellman and EC D-H. DH is optional (as it has always been), EC D-H is mandatory to implement
magnus: Thomas provided a good
summary
... a curve should be identified for encryption
bal: should standardize on p256 curve mandatory
<scribe> ACTION: bal to Draft text encryption algorithms regarding ECC algorithms and what curves should be used [recorded in http://www.w3.org/2009/03/03-xmlsec-minutes.html#action02]
<trackbot> Created ACTION-227 - Draft text encryption algorithms regarding ECC algorithms and what curves should be used [on Brian LaMacchia - due 2009-03-10].
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2009Feb/0102.html
fjh: have we missed something about EC Point types.
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2009Feb/0104.html
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2009Feb/0103.html
<bal> basically we deferred from FPWD the question of whether to restructure the ECParametersType and ECValidationType types
fjh: what we have in the draft is correct?
magnus: have updated proposal to
make it clearer
... can we talk about the updates next week?
fjh: do we need a formal proposal?
bal: start with outline that magnus proposed
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2009Feb/0101.html
bal: worried about it being a
first draft in IETF
... does it have legs?
<fjh> defer until better understanding of IETF status
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2009Feb/0114.html
fjh: do we need to do anything? will carry forward when Konrad is here
fjh: list is becoming hard to
manage.
... would like to boil down list to a smaller set.
gerald-e: how do we boil it down?
fjh: send list of issues that we believe are closed and see if everyone is ok with it
<scribe> ACTION: gerald: send a message to the list of closed issues and how they were closed [recorded in http://www.w3.org/2009/03/03-xmlsec-minutes.html#action04]
<trackbot> Created ACTION-228 - Send a message to the list of closed issues and how they were closed [on Gerald Edgar - due 2009-03-10].
<fjh> close pending actions listed in agenda
fjh: will close the pending actions
<fjh> http://www.w3.org/2008/xmlsec/track/actions/open
fjh: everyone please review your actions, note how it was completed and send a notification
hal: can host if needed
fjh: looks Boston will work, just
a question on who host
... 12 & 13 of may are the dates for Boston.