Hi All- a couple of FYIs re the "XML Digital Signatures for Widgets"
Proposed Recommendation [widgets-digsig]...
* You may recall widgets-digsig has a normative dependency on "XML
Signature Syntax and Processing Version 1.1" [xmldigsig-core1] andthe
"Elliptic Curve PAG" was created because of RIM's patent disclosure
against xmldigsig-core1. This PAG is now closed and its report is
availableat [Report].
* For various reason (see below for details), xmldigsig-core1has moved
from CR back to LCWD. Consequently, the earliest a widgets-digsig REC
can be published is January 2013(the delay caused by both the LC's new
Call for Exclusions period plus the end of the year publishing blackout).
-AB
[widgets-digsig] <http://www.w3.org/TR/2011/PR-widgets-digsig-20110811/>
[xmldigsig-core1] <http://www.w3.org/TR/xmldsig-core1/>
[Report] <http://www.w3.org/2011/xmlsec-pag/pagreport.html>
-------- Original Message --------
Subject: Last Call working drafts of XML Signature 1.1 and XML
Encryption 1.1 published
Date: Fri, 19 Oct 2012 17:13:54 -0400
From: Hirsch Frederick (Nokia-CIC/Boston) <[email protected]>
To: W3C XML Coordination <[email protected]>
CC: Hirsch Frederick (Nokia-CIC/Boston) <[email protected]>,
Barstow Art (Nokia-CIC/Boston) <[email protected]>
The XML Security WG has published Last Call working drafts of XML Signature 1.1
and XML Encryption 1.1:
XML Signature Syntax and Processing Version 1.1 -
http://www.w3.org/TR/2012/WD-xmldsig-core1-20121018/
XML Encryption Syntax and Processing Version 1.1 -
http://www.w3.org/TR/2012/WD-xmlenc-core1-20121018/
Please share the drafts for review of the latest changes (outlined in the
status sections of the documents) and please let the XML Security WG know of
any concerns (to the address listed in the documents).
These documents were previously published as CR drafts. The reason for the
return to Last Call is outlined in the following message to the chairs list [1]:
[[
XML Signature 1.1 was previously published as a Candidate Recommendation and then
returned to Last Call since an item not marked as "at risk" was removed from
the specification due to lack of interoperability testing (OCSPResponse), changes were
made to references and language related to Elliptic Curve algorithms at the
recommendation of the XML Security PAG [2], missing algorithm identifiers noted during
interoperability testing were added for the SHA224 family of algorithms, the Exclusive
C14N omits comments algorithm was added as required to implement, reflecting existing
practice, and a correction was made by changing the KeyInfoReference implementation
requirement to should instead of RetrievalMethod. There were also updates to references
and some editorial improvements. Given the normative changes as a result of
interoperability testing and review the working group agreed to another Last Call
progressing then to PR.
XML Encryption 1.1 was previously published as a Candidate Recommendation and then
returned to Last Call since some normative material that had not been marked as
"at-risk" was moved to an informative appendix (AES-128/192/256-pad symmetric
key wrap algorithm), AES192-GCM was added as an optional to implement block encryption
algorithm after noted as missing during interoperability, and the requirement for the RSA
1.5 key transport algorithm was changed from required to optional to address security
concerns recently noted in the research literature. The working group agreed to another
Last Call progressing then to PR.
...
[2] https://lists.w3.org/Archives/Member/w3c-ac-members/2012OctDec/0020.html
]]
The intent of the XML Security WG is to go to PR as soon as possible for these
documents (and XML Signature Properties draft) after LC completes. Interop has
already been completed. The documents include links to documents summarizing
changes since the previous Recommendation - these explanation documents were
published as W3C Notes in conjunction with the Last Call publication.
Thanks
regards, Frederick
Frederick Hirsch, Nokia
Chair XML Security WG
[1] https://lists.w3.org/Archives/Member/chairs/2012OctDec/0030.html
Begin forwarded message:
From: "Hirsch Frederick (Nokia-CIC/Boston)" <[email protected]>
Date: October 19, 2012 3:34:05 PM EDT
To: XMLSec WG Public List <[email protected]>
Cc: "Hirsch Frederick (Nokia-CIC/Boston)" <[email protected]>
Subject: Last Call working drafts of XML Signature 1.1 and XML Encryption 1.1
published
Last Call working drafts of XML Signature 1.1 and XML Encryption 1.1 have been
published:
XML Signature 1.1: http://www.w3.org/TR/2012/WD-xmldsig-core1-20121018/
XML Encryption 1.1: http://www.w3.org/TR/2012/WD-xmlenc-core1-20121018/
The Last Call ends 8 November 2012.
The corresponding "Functional Explanation of Changes" documents were published
as W3C Notes:
Functional Explanation of Changes in XML Signature 1.1:
http://www.w3.org/TR/2012/NOTE-xmldsig-core1-explain-20121018/
Functional Explanation of Changes in XML Encryption 1.1:
http://www.w3.org/TR/2012/NOTE-xmlenc-core1-explain-20121018/
Thanks to everyone in the working group for progressing this work.
regards, Frederick
Frederick Hirsch, Nokia
Chair XML Security WG
