Last Call for Two XML Encryption 1.1 Specifications; Related Drafts Published

The XML Security Working Group has published a new Last Call Working Draft of "XML Encryption 1.1" to solicit review of changes since the previous Candidate Recommendation. The primary changes are to (1) make the AES-128-GCM algorithm mandatory to implement, to address newly publicized chosen-ciphertext attacks against the CBC class of algorithms, (2) add new security considerations related to chosen-ciphertext attacks, timing attacks, CBC block encryption vulnerabilities, and the insecure use of error messages, (3) add a new algorithm for the RSA-OAEP key transport that does not require SHA-1 with the mask generation function, enabling use of various hash MGF combinations.

The XML Security WG is also soliciting review of the Last Call working draft of "XML Encryption 1.1 CipherReference Processing using 2.0 Transforms". This specification brings the simplification benefits of the ongoing XML Security 2.0 effort to XML Encryption CipherReference transform processing. Feedback on both of these Last Call drafts is requested by 16 February 2012.

The Working Group also published today First Public Working Drafts of "Test Cases for XML Encryption 1.1" and "Test Cases for Canonical XML 2.0" and encourages community participation in developing further tests and performing testing. In addition, they updated "XML Security Algorithm Cross-Reference" to reflect new algorithm definitions in XML Encryption 1.1. Learn more about the W3C Security Activity.