<trackbot> Date: 23 June 2009
<scribe> ScribeNick: shivaram
<fjh> Agenda: http://lists.w3.org/Archives/Public/public-xmlsec/2009Jun/0068.html
<fjh> Next meeting: 7 July, scribe Cynthia Martin
<esimon2> Ed will be IRC-only today and sometimes unavailable.
<fjh> TPAC Overview: http://www.w3.org/2009/11/TPAC/overview.html
No Meeting next week
http://www.w3.org/2009/11/TPAC/overview.html
<fjh> Please register: http://www.w3.org/2002/09/wbs/35125/TPAC09/
<fjh> XML Security Thursday and Friday 5-6 November as originally planned.
<Cynthia> No problem making the Interop wiki public
Resolution: Wiki on public
interop is ok
... Wiki on interop will be made public
<fjh> Certicom IETF IPR statement
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2009Jun/0060.html
<Cynthia> Please take a look at https://datatracker.ietf.org/ipr/1153/
http://lists.w3.org/Archives/Member/member-xmlsec/2009Jun/att-0012/16-xmlsec-minutes.html
<Cynthia> The process for licensing appears to have changed and may have implications to the customers
<Cynthia> Approve minutes
RESOLUTION: Minutes of 16 June 2009 Meeting approved
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2009Jun/0053.html
<fjh> http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.htm
<fjh> new derived key element section
<fjh> http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.htm#sec-DerivedKey
Magnus made changes in the XML Encryption spec
<fjh> section 5, algorithms
<fjh> http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.htm#sec-Alg-KeyDerivation
<fjh> I think shorter name of KDF3 is fine and possibly clear enough
<fjh> KDF3 required, PBKDF2 optional
Magnus going through the http://www.w3.org/2008/xmlsec/Drafts/key-encapsulation/key-encapsulation.html
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2009Jun/0061.html
Magnus made corresponding updates to Schema document
<fjh> add SuppPrivInfo
Magnus has responded to Frederick's comments - http://lists.w3.org/Archives/Public/public-xmlsec/2009Jun/0069.html
<fjh> alternative algorithm encoding
Magnus suggests that some clarifying text can be added, especially related to KDFs
Brian wonders why he had 00s there
Kelvin states that this is a parameter in NIST SP800-56A which is not clearly defined
<fjh> i think we need to propose some clarifying text
<scribe> ACTION: Magnus write a proposal for use of Alg IDs for KDF key [recorded in http://www.w3.org/2009/06/23-xmlsec-minutes.html#action01]
<trackbot> Created ACTION-323 - Write a proposal for use of Alg IDs for KDF key [on Magnus Nyström - due 2009-06-30].
fjh on (4) - should not rely on default schema values
<fjh> magnus - recommend HMAC-SHA256, not default
Magnus states that HMAC-SHA256 is optional and will include this info in the proposal
Magnus did some update to ECDH
<fjh> additional work needed here: ?
<fjh> http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.htm#sec-Alg-KeyAgreement
Magnus may have missed some more things in Key Derivation functions
<fjh> 5.6.2 Diffie-Hellman Key Agreement needs work
kyiu and bal will look at this closer probably next week
fjh wants to get this resolved by next meeting so that we can get this published by mid July
http://lists.w3.org/Archives/Member/member-xmlsec/2009Jun/0006.html
<fjh> http://lists.w3.org/Archives/Member/member-xmlsec/2009Jun/0006.html
<fjh> draft document
<fjh> http://www.w3.org/2008/xmlsec/Drafts/key-encapsulation/key-encapsulation.html
Magnus states that there are some MUSTs in this doc which are needed for implementation. But the doc itself is optional
<Cynthia> Here is one of the ISO links: http://www.iso.org/iso/catalogue_detail.htm?csnumber=37971
fjh recommends that this is a useful doc to have a closer look at
fjh recommends having Key Transport Requirements and then Key Transport Algorithms
this was regarding section 4.4
having alg ID URIs looked strange here was the main concern
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2009Jun/0065.html
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2009Jun/0066.html
<fjh> please review
fjh requests review for any mistakes
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2009Jun/0056.html
pdatta is writing an XML 2.0 C14n spec - parameterized c14n using xmlspec. He is also working on the XML Signature 2.0 draft, which only includes this new transform and does not include any of the 1.x transforms; rather, the 2.0 draft will just point to relevant sections of 1.x.
xmlspec is a new markup for writing XML Specifications; it works with emacs and standard editors
pdatta will take a first stab at this by next meeting and may request help later as needed
<klanz> http://www.w3.org/2008/xmlsec/Drafts/transform-note/Makefile
<klanz> http://www.w3.org/2008/xmlsec/Drafts/transform-note/Overview.xml
<klanz> look at the source of the XML. e.g.: this was the transforms note
<fjh> XML Encryption 1.1 references
<fjh> http://lists.w3.org/Archives/Public/public-xmlsec/2009Jun/att-0044/xmlenc-ref.html
<Cynthia> I can review this today and get a response by COB
<scribe> ACTION: cynthia to review http://lists.w3.org/Archives/Public/public-xmlsec/2009Jun/att-0044/xmlenc-ref.html for normative and informative [recorded in http://www.w3.org/2009/06/23-xmlsec-minutes.html#action02]
<trackbot> Created ACTION-324 - Review http://lists.w3.org/Archives/Public/public-xmlsec/2009Jun/att-0044/xmlenc-ref.html for normative and informative [on Cynthia Martin - due 2009-06-30].
<scribe> ACTION: cynthia propose changes to Signature references [recorded in http://www.w3.org/2009/06/23-xmlsec-minutes.html#action03]
<trackbot> Created ACTION-325 - Propose changes to Signature references [on Cynthia Martin - due 2009-06-30].
<fjh> http://www.w3.org/2008/xmlsec/track/actions/open
<fjh> action-142?
<trackbot> ACTION-142 -- Brian LaMacchia to come up with identifiers and add to the algs doc for the new DSA algorithms -- due 2009-01-20 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/142
bal - action 142
bal will send an update to this very soon
kyiu states that new URLs need to be defined
<fjh> action-158?
<trackbot> ACTION-158 -- Thomas Roessler to take pass through references in Dsig Core - update, split into normative/informative -- due 2009-03-30 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/158
<fjh> been reassigned to cynthia, peter
<fjh> action-217?
<trackbot> ACTION-217 -- Thomas Roessler to add boilerplate language about optional algorithms -- due 2009-03-18 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/217
<fjh> action-228?
<trackbot> ACTION-228 -- Gerald Edgar to send a message to the list of closed issues and how they were closed -- due 2009-03-10 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/228
<klanz> re 171 http://www.w3.org/2008/xmlsec/Drafts/c14n-note/
Need to coordinate this with Pdatta once his draft is complete
<klanz> re 257 http://lists.w3.org/Archives/Public/public-xmlsec/2009Jun/0030.html
<fjh> action-263?
<trackbot> ACTION-263 -- Ed Simon to generate working examples for ISSUE-115 and review how toolkits handle the issue -- due 2009-04-28 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/263
<fjh> ed, what is the status of action-263?
<klanz> re 267 is the same as 171
<fjh> action-280?
<trackbot> ACTION-280 -- Magnus Nyström to produce test cases for derived keys -- due 2009-05-19 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/280
<fjh> action-281?
<trackbot> ACTION-281 -- Sean Mullan to try to find an old apache impl without optimizations that we can use to compare performance numbers -- due 2009-05-19 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/281
Pdatta just wants to prove how slow this will be
Sean feels that numbers may not be realistic
fjh states we need a baseline
<fjh> have added optimization in updates to old code
Scantor states he can run tests to run the same with/without optimizations
<klanz> Issue 105 and action 297 are actually now on brian to follow up on http://lists.w3.org/Archives/Member/member-xmlsec/2009Jun/0002.html
<klanz> as per the last call
Pdatta feels that this work is lower priority compared to the list of other things to do
Original apache implementation followed spec accurately and that can be used as baseline
with the new spec we somehow need to demonstrate how we have improved the performance
<fjh> demonstrating performance improvements - first against naive version of spec, or against new clever implementation of current 2nd edition, or for specific use cases
Scantor feels that we have new perf numbers
<klanz> rathole ?
fjh wants to document what we have accomplished here
with performance
<mullan> See http://santuario.apache.org/dist/java-library/old/
<mullan> 1.1 or 1.2 should probably be the ones without optimizations
<fjh> scott argues that comparing serialization and current performance is adequate, except for streaming large document
Scantor: the real improvements are with streaming and large documents
this work is non-trivial as code needs to be ported to come up with meaningful info
<fjh> scott notes issue is that would need to port test cases, because library api has changed
scantor states that performance improvement is 3x
for Scantor, the goal was to have a range of implementations (more than Java & C) as compared to Performance
<Gerald-e> performance is not an issue in our applications.
<fjh> sean notes could use link above and port samples to older api and compare numbers
<fjh> action-281: see http://santuario.apache.org/dist/java-library/old/
<trackbot> ACTION-281 Try to find an old apache impl without optimizations that we can use to compare performance numbers notes added
mullan feels that pdatta may have to put some minimal effort on porting the JSR code to Apache old libraries to get perf difference #s
<fjh> action-281 closed
<trackbot> ACTION-281 Try to find an old apache impl without optimizations that we can use to compare performance numbers closed
<fjh> action-283?
<trackbot> ACTION-283 -- Thomas Roessler to update algorithm xref draft to note new status of sha-1 -- due 2009-05-19 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/283
<fjh> action-285?
<trackbot> ACTION-285 -- Pratik Datta to write a draft of an XML Digital Signature 2.0 specification -- due 2009-05-19 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/285
<fjh> action-291?
<trackbot> ACTION-291 -- Scott Cantor to draft a proposed fix for E02 for exc c14n -- due 2009-05-20 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/291
<fjh> action-297?
<trackbot> ACTION-297 -- Konrad Lanz to propose change to 1.1 to address issue-105 -- due 2009-05-20 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/297
<klanz> Issue 105 and action 297 are actually now on brian to follow up on http://lists.w3.org/Archives/Member/member-xmlsec/2009Jun/0002.html
<klanz> is the same as 298 I think
<fjh> action-300?
<trackbot> ACTION-300 -- Kelvin Yiu to create sample to illustrate ECDH-ES with AES key wrap -- due 2009-06-09 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/300
<fjh> action-300 closed
<trackbot> ACTION-300 Create sample to illustrate ECDH-ES with AES key wrap closed
<fjh> action-316?
<trackbot> ACTION-316 -- Thomas Roessler to introduce nazeera and aleksey; find out xmlsec release dates -- due 2009-06-22 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/316
<fjh> action-319?
<trackbot> ACTION-319 -- Kelvin Yiu to and brian to update DH & ECDH sections to take advantage of new KDF section -- due 2009-06-23 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/319
<fjh> action-320?
<trackbot> ACTION-320 -- Brian LaMacchia to draft language for HMAC section, 6.3.1 -- due 2009-06-23 -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/actions/320
<klanz> is the same as 298 and 298 isn't it?
<klanz> follow up
<klanz> Issue 105 and action 297 are actually now on brian to follow up on http://lists.w3.org/Archives/Member/member-xmlsec/2009Jun/0002.html is the same as 298
<fjh> http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.htm#sec-HMAC
<klanz> http://www.w3.org/2008/xmlsec/track/issues/105
<fjh> only multiples of 8 allowed...
<klanz> http://lists.w3.org/Archives/Member/member-xmlsec/2009Jun/0002.html
<fjh> so action-297 and 298 can be consolidated with action-320
<fjh> have to use byte boundary, verifier results..
<fjh> http://www.w3.org/2008/xmlsec/track/issues/open
<Cynthia> I believe we need to work on ISSUE-91 ECC can't be REQUIRED
fjh: this is still a TBD.
<fjh> issue-126?
<trackbot> ISSUE-126 -- Clarify XMLENC Section 5.8 (Message Authentication) -- OPEN
<trackbot> http://www.w3.org/2008/xmlsec/track/issues/126
<Cynthia> Suggestion: go through all actions and issues via mailing list before next meeting
<Gerald-e> the link for open issues is at http://www.w3.org/2008/xmlsec/track/issues/open
<Cynthia> Thank you- bye