ACTION-287: Align XMLENC 1.1 with XMLDSIG 1.1 from Magnus Nyström on 2009-05-27 (public-xmlsec@w3.org from May 2009)

From: Magnus Nyström <magnus@rsa.com>
Date: Wed, 27 May 2009 11:32:37 +0200 (W. Europe Daylight Time)
To: public-xmlsec@w3.org
Message-ID: <Pine.WNT.4.64.0905261824540.5584@W-JNISBETTEST-1.tablus.com>

All,

In response to ACTION-287, I have attempted to compare the normative 
statements on algorithms in XMLEnc 1.1 with those in XMLDsig 1.1. Besides 
the natural differences (XMLDsig not listing encryption algorithms and 
v.v.), there are a few areas where it does seem justified to align the 
two specs:

- XMLEnc has RIPEMD-160 listed as optional; XMLDsig does not mention this
   digest algorithm.
- XMLEnc just refers to XMLDsig for message authentication algorithms - we
   did discuss this during the F2F and having now looked at this more
   closely, my recommendation is to remove Section 5.8 (and the
   corresponding entry in 5.1) in XMLEnc 1.1 since, AFAICS, message auth is
   not mentioned or required elsewhere in XMLEnc.
- All canonicalization is optional in XMLEnc (maybe this is OK?).
- XMLEnc does not mention transform algorithms (but should probably given
   the CipherReference type, see XMLEnc Section 3.3.1). If the group
   agrees that it should, I guess the same normative statements as are in
   XMLDsig 1.1 with regards to transforms should apply?

-- Magnus

Received on Wednesday, 27 May 2009 09:33:52 UTC