This document summarizes the changes that the XML Security Working Group has made to the XML Signature Syntax and Processing Specification Second Edition in preparing a proposed 1.1.
Removed DTD snippets and all references to a DTD.
Updated to use ReSpec.js
Reformatted examples.
Updated to Version 1.1, updated date and version links. Updated editor information to add Kelvin Yiu as editor, updated entries for Frederick Hirsch and Thomas Roessler to include 1.1 editing.
Update MIT address from lcs to csail.
Include 3.1.1, 3.1.2, Reference Generation, Signature Generation
Include 3.2.1, 3.2.2, Reference Validation, Signature Validation
Include 4.1, "CryptoBinary Simple Type"
Added new section, 4.5.3, "The ECKeyValue Element", include sub-sections "Explicit Curve Parameters", "Compatibility with RFC 4050"
Added new section, 4.5.8, "XML Encryption EncryptedKey and DerivedKey Elements" (section title changed from earlier drafts)
Added new section, 4.5.10, "The KeyInfoReference Element"
Add subsections to 6.2 for SHA-1, SHA-256, SHA-384, SHA-512
Add subsections to 6.3 for HMAC
Add subsections to 6.4 for DSA, RSA (PKCS1), ECDSA
Added new section, 6.5.3, "Exclusive XML Canonicalization 1.0"
Changed title of section 9 from "Schema, DTD, Data Model, and Valid Examples" to "Schema"
Removed "Authors' Address" section
Added note that the standalone XSD schema file is authoritative in case there is any disagreement between it and the XSD schema portions in the specification.
Add new namespace for 1.1 specific features, while retaining earlier namespace for unchanged features. Clarification of use of namespace prefixes and XML internal entities. Clarification regarding versioning.
Affiliation update for Konrad Lanz. Add statement acknowledging contributions from the XML Security WG to 1.1.
Example updated to use rsa-sha256 SignatureMethod algorithm and sha256 DigestMethod algorithm.
Example updated to use sha256 DigestMethod algorithm.
Example updated to use sha256 DigestMethod algorithm.
Example updated to use sha256 DigestMethod algorithm.
Changed title of Section 3.1 to "Signature Generation" from "Core Generation"
Typo, fixed spacing between reference citations.
Added note indicating need for canonicalization as part of Reference Validation since changes could occur in serialization after Signature generation.
Added preamble for dsig11 namespace, including DOCTYPE and schema material.
Added minimum output length for HMACOutputLength parameter
Added XPath Filter 2 Transform as alternative to URI fragment identifiers, in addition to XPath Transform.
KeyInfo Element
Editorial, replace &dsig; with dsig:.
Add new KeyInfo Type URIs for new child elements, specifically ECKeyValue and DEREncodedKeyValue, updating text and showing location in schema extension point using comments.
KeyValue Element
Change RSA from RECOMMENDED to REQUIRED in note that the corresponding structured keys are defined in the Signature Algorithms section.
Add ECDSA as REQUIRED in list of formats.
Show placement of ECKeyValue in schema using comment.
ECKeyValue Element
New section
Define ECKeyValue element. Include editorial note that working group has considered but not accepted an alternative design and may change decision if additional information is obtained.
Fix typo, replace ECPublicKey with ECKeyValue.
Change URN attribute to URI attribute.
New section
Define ECParameters element.
Inserted reference to SEC-1 2.0 for verifiably random curves.
New section
Profile RFC 4050 with respect to ECDSA key formats.
RetrievalMethod Element
Add note to describe the need to use a Transform to obtain content of KeyInfo referenced by ID.
Note preferred use of KeyInfoReference in cases where referencing KeyInfo element elsewhere.
X509Data Element
Add dsig11:OCSPResponse and dsig11:X509Digest elements to list of elements that may be included.
Add RECOMMENDED certificate encoding to be BER or DER subset.
Note placement of new elements in schema definition for X509Data, using comment at existing extension point. Add comment noting it should be in dsig11: namespace.
Deprecate and add note regarding use of X509IssuerSerial and possible issue with schema validation when large serial numbers are used.
Add note about the need to sign entire structure as a unit when using X509Data in explicitly trusted scenarios.
EncryptedKey and DerivedKey Elements
Replace xenc:Agreement with xenc:DerivedKey
Add clarification regarding use of DerivedKey element in this context.
New section
Add a KeyInfo representation for DER-Encoded Subject Public Key Info representation of public keys.
KeyInfoReference Element
New section for KeyInfoReference.
Added note that the working group does not have consensus on mandatory algorithms and note some of the positions regarding the choice.
Reformat the list of algorithms into separate Required and Optional lists, for clarity.
Added text to SHA-1 to state that use is DISCOURAGED (but still REQUIRED).
Add SHA256 as REQUIRED Digest algorithm.
Add SHA384 and SHA512 as OPTIONAL Digest algorithms.
Added text to HMAC-SHA1 to state that use is DISCOURAGED
Changed HMAC-SHA256 to REQUIRED
Changed HMAC-SHA384, HMAC-SHA512 to RECOMMENDED (from OPTIONAL).
Add RSAwithSHA256 as REQUIRED Signature algorithm.
Add ECDSAwithSHA256 as REQUIRED Signature algorithm.
Change so that DSAwithSHA1 is only REQUIRED as Signature algorithm for Signature verification, but is OPTIONAL for Signature generation. Previously it was REQUIRED for both.
Add RSAwithSHA384, RSAwithSHA512, ECDSAwithSHA1, ECDSAwithSHA384, ECDSAwithSHA512 as optional Signature algorithms.
Add Exclusive XML Canonicalization 1.0 (omits comments) as REQUIRED canonicalization algorithm.
Add Exclusive XML Canonicalization 1.0 (with Comments) as RECOMMENDED canonicalization algorithm.
Add XPath Filter 2.0 as RECOMMENDED transform algorithm.
Add recommendation to use least expressive transform possible to achieve result.
Add note that implementation requirements for XPath transform may be downgraded to optional in future version of specification.
Added text to indicate that use of RSA-SHA1 and ECDSA-SHA1 is DISCOURAGED.
Add introduction noting possible concerns with digest algorithm resistance to collisions and strongly recommending use of SHA-256 in preference to SHA-1.
Add identifier and information for SHA-256 digest algorithm.
Add identifier and information for SHA-384 digest algorithm.
Add identifier and information for SHA-512 digest algorithm.
Add identifiers for HMAC-SHA256, HMAC-SHA384, and HMAC-SHA512 algorithms.
Add clarifying text related to truncation length.
Add identifier for dsa-sha256
Clarify DSA family with respect to FIPS 186-3.
Update references to RFC 3447 from RFC 2437.
Add security considerations note regarding DSA key sizes.
Change section title from "PKCS1 (RSA-SHA1)" to "RSA (PKCS#1 v1.5)".
Add identifiers for RSA-SHA256, RSA-SHA384, and RSA-SHA512 algorithms.
Update references to RFC 3447 from RFC 2437.
Clarify text regarding SignatureValue computation.
New section.
Identifiers and information for ECDSA algorithms, including ECDSA-SHA1, ECDSA-SHA256, ECDSA-SHA384, and ECDSA-SHA512 algorithms.
Remove text regarding Normalization Form C.
Add Exclusive XML Canonicalization to list of required canonicalization algorithms.
Clarify inputs and outputs for algorithm.
Clarify inputs and outputs for algorithm.
New Section
Define identifiers, input and output and other information for Exclusive XML Canonicalization 1.0.
Add text that implementation requirements are listed in the Algorithm Identifier and Implementation Requirements section.
Clarify inputs and outputs for algorithm.
Clarify inputs and outputs for algorithm.
Text clarifications.
Clarify inputs and outputs for algorithm.
Clarify inputs and outputs for algorithm.
Fix typo, replace "descendents" with "descendants".
Fix typo, replace "Implementors" with "Implementers".
Change title of section to Schema and remove all material related to DTD, RDF and examples. Note that examples replicated material elsewhere in the specification.
Add XML Signature 1.1 XSD Schema Instance to the list.
Add XML Signature 1.1 XSD Schema Driver to bind 1.0 and 1.1.
Add note that RELAX NG schema is available in separate document.
Add references to RFC 2560 (OCSP), RFC 3279 (PKIX), RFC 4050 (ECDSA for XML Digital Signatures) and RFC 4051 (Additional XML Security URIs).
Add references to SEC1 and SEC2 (Elliptic Curve Cryptography).
Add references to FIPS PUB 180-2 for SHA-256, SHA-384 and SHA-512.
Add reference to SP 800-57 for Key Management.
Add reference to RFC 3061 for URN namespace of Object Identifiers.
Add reference for XML Encryption.
Correct URIs associated with reference for XML Signature Requirements
Added reference to recent work on SHA-1 analysis (to be changed once paper appears on IACR.org).
Removed reference to SEC2 (not referenced)
Updated reference to SEC1 to 2.0 version.
Removed (temporary) reference to X9.62.
Updated Reference for FIPS-186-3 to reflect final publication. Changed DSS reference to be the FIPS-186-3 reference.
Split references into normative and informative. Updated the following references to reflect final publication: DOM, PGP, RFC3279 “Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile”, SEC, SHA-1, SHA-256, SHA-384, SHA-512, SOAP, XHTML 1.0, XMLDSIG-2002, XML-schema, XPath, XSL, URL, URN, XML-Japanese, XML-MT, XML-Signature-RD, and XSLT.
Added web link for ABA, 1363, and X509v3.
Drop reference to NFC corrigendum
Add normative reference for RFC 4055 and reference for SHA-1 Collisions. Add link for IEEE 1363 reference. Fix URN reference format. Put names first for consistency in OCSP, RANDOM, RFC4949, SAX and XML-Japanese. Add link and citation to title in IEEE1363. Use ECC-ALGS (McGrew IETF draft) as reference for Elliptic Curve algorithms.
Added reference for RELAX NG and reference to XML Security RELAX NG Schemas Note.
Reformatted and sorted by using ReSpec.js bibliography tool (updated common bibliography)
Updated link for HTTP11 reference to use HTTP instead of FTP reference.
Updated XML 1.0 reference to refer to Recommendation.