CfC: Publish updated WD of XML Encryption 1.1 & Security Algorithm Cross-Reference from Frederick.Hirsch@nokia.com on 2011-12-01 (public-xmlsec@w3.org from December 2011)

From: <Frederick.Hirsch@nokia.com>
Date: Thu, 1 Dec 2011 22:39:03 +0000
To: <public-xmlsec@w3.org>
CC: <Frederick.Hirsch@nokia.com>
Message-ID: <4B7C1E72-6713-46D7-9C97-A0DD78E28090@nokia.com>

This is a Call for Consensus to publish an updated WD of XML Encryption 1.1 and the Security Algorithm Cross-Reference.

We've made some important changes to XML Encryption since we last published the CR draft in March 2011 [1], including some substantive changes. Changes since the CR publication include:

Substantive changes

  *   add type='anyURI' to Algorithm for AlgorithmIdentifierType, ACTION-824
  *   make AES-128-GCM mandatory, add warnings for CBC block encryption algorithms, related reference
  *   Add new algorithm for RSA-OAEP that allows definition of mask generation function, with new URI
  *
  *   add URI definitions for MGF1 with SHA*, add RFC 4055 reference
  *
  *   add new security considerations section on timing attacks

Editorial changes

  *   changed "[XMLENC-CORE1]" to "(XMLENC-CORE1, this document)" in media type section to avoid generating normative self reference, to resolve LC-2541
  *
  *   revise base64 note in algorithms section, add item for Encoding in 3.1. Clarifications to resolve LC-2542
  *
  *   namespace ("&xenc;") related edits
  *
  *
  *   add Note re ConcatKDF nonce in section 5.4.1
  *
  *   fix validation error, spelling, formatting of examples
  *   Clarification on PBKDF2 key length (to be added, see http://lists.w3.org/Archives/Public/public-xmlsec/2011Nov/0017.html)
  *   Update security considerations (open action on Hal)

The process suggests that this means we need to publish an updated working draft (WD), another Last Call and then another CR [2]. If the process  allows another path please let me know.

I suggest we publish the updated WD in conjunction with other upcoming publications so the changes are visible, assuming we have the update to the security considerations and other updates in place in time.

In conjunction with this we can publish an update of the Security Algorithm Cross-Reference with the new URIs added.

We could then enter another Last Call of XML Encryption 1.1 in January and progress from there.

Please indicate support or disagreement with publishing XML Encryption 1.1 as a new WD (and also publishing an update of the Security Algorithm Cross-Reference) by responding on the public list, before 9 November 2011. No response will be interpreted as agreement with publication.

regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG

[1] http://www.w3.org/TR/2011/CR-xmlenc-core1-20110303/

[2] http://www.w3.org/2005/10/Process-20051014/tr.html#return-to-wg

Received on Thursday, 1 December 2011 22:39:41 UTC