Re: IMPORANT: Comments on draft-eastlake-additional-xmlsec-uris-08
Thanks Donald I missed the fact that the references were combined. Please let me know the RFC # and info I need to update the W3C documents as soon as it is clear. regards, Frederick Frederick Hirsch Nokia On Feb 7, 2013, at 5:27 PM, ext Donald Eastlake wrote: > Hi Frederick, > > On Thu, Feb 7, 2013 at 4:24 PM, wrote: >> Don >> >> I've received feedback from XML Security working group members that propose >> you change the URIs in the draft RFC for AES Key Wrap with Padding to match >> what is in XML Encryption 1.1, both because we are going to Recommendation >> and because there is code that currently uses those values. >> >> Can you please make the change, using the xmlenc11 URIs I listed below in >> item 1? > > Sure, I'll do that. > >> Thanks >> regards, Frederick >> >> Frederick Hirsch >> Nokia >> >> >> On Feb 7, 2013, at 11:04 AM, wrote: >> >>> Donald >>> >>> Some additional comments on draft >>> http://tools.ietf.org/pdf/draft-eastlake-additional-xmlsec-uris-08.pdf >>> >>> sorry about the delay getting these comments to you. >>> >>> (1) We have defined different *informative* URIs for AES Key Wrap with >>> Padding in XML Encryption 1.1 >>> [http://www.w3.org/TR/xmlenc-core1/#sec-kw-aes-with-pad] which are >>> different from those in the RFC, namely >>> >>> http://www.w3.org/2009/xmlenc11#kw-aes-128-pad >>> http://www.w3.org/2009/xmlenc11#kw-aes-192-pad >>> http://www.w3.org/2009/xmlenc11#kw-aes-256-pad >>> >>> I suggest we change this informative appendix of XML Encryption 1.1 (and >>> the Security Algorithms Cross-Reference) to match what is in the RFC draft. >>> Thomas, is there any problem with that at this PR stage? >>> >>> Those in the RFC draft are: >>> >>> http://www.w3.org/2007/05/xmldsig-more#kw-aes128-pad >>> http://www.w3.org/2007/05/xmldsig-more#kw-aes192-pad >>> http://www.w3.org/2007/05/xmldsig-more#kw-aes256-pad > > As above, I'll change the draft to use the ...//2009/xmlenc11#... URIs. > >>> (2) ConcatKDF fragment needs fixing in 4.1 and change log Appendix A due to >>> a typo >>> >>> "2009/xmlenc11#ConctKDF [XMLENC]" should be "2009/xmlenc11#ConcatKDF >>> [XMLENC]" >>> >>> "#ConctKDF," should be "#ConcatKDF," > > OK. > >>> (3) To some degree the fragment index and URI index replicate the published >>> W3C Note, XML Security Algorithm Cross-Reference and could be incorporated >>> there. > > If you would like to incorporate this information there, that seems > fine. But I'd like to leave it in the draft also. > >>> (4) I suggest an update to the Introduction to mention XML Security 1.1 as >>> follows >>> >>> after "All of these standards and recommendations use URIs [RFC3986] to >>> identify algorithms and keying information types." >>> >>> add >>> >>> "The W3C has subsequently produced updated XML Signature 1.1 [XMLDSIG11] >>> and XML Encryption 1.1 [XMLENC11} versions as well as a new XML Signature >>> Properties specification [XMLDSIG-PROPERTIES]. > > OK. > >>> (5) Typo in introduction >>> >>> "Canoncialization" should be "Canonicalization" > > OK. > >>> (6) References >>> >>> Add references to XML Signature 1.1, XML Encryption 1.1, XML Signature >>> Properties, XML Security Algorithm Cross-Reference (all to be updated upon >>> Recommendation publication) > > The current draft does have references to XML Signature 1.1 and XML > Encryption 1.1. The RFC Reference format permits multiple document > under a single tag and both 1.0 and 1.1 are included under the > [XMLDSIG] and [XMLENC] tags. > > I'll add the other two documents. > > Thanks, > Donald > = > Donald E. Eastlake 3rd +1-508-333-2270 (cell) > 155 Beaver Street, Milford, MA 01757 USA > d3e...@gmail.com > >>> Signature properties has added a namespace: xmlns >>> dsp="http://www.w3.org/2009/xmldsig-properties"; >>> >>> [XMLDSIG-CORE1] >>> D. Eastlake, J. Reagle, D. Solo, F. Hirsch, T. Roessler, K. Yiu. XML >>> Signature Syntax and Processing Version 1.1. 24 January 2013. W3C Proposed >>> Recommendation. (Work in progress) >>> URL:http://www.w3.org/TR/2013/PR-xmldsig-core1-20130124/ >>> >>> [XMLENC-CORE1] >>> J. Reagle; D. Eastlake; F. Hirsch; T. Roessler. XML Encryption Syntax and >>> Processing Version 1.1. 24 January 2013. W3C Proposed Recommendation. (Work >>> in progress) URL:http://www.w3.org/TR/2013/PR-xmlenc-core1-20130124/ >>> >>> [XMLDSIG-PROPERTIES] >>> Frederick Hirsch. XML Signature Properties. 24 January 2013. W3C Proposed >>> Recommendation. (Work in progress.) URL: >>> http://www.w3.org/TR/2013/PR-xmldsig-properties-20130124/ >>> >>> [XMLSEC-ALGS] F Hirsch, T Roessler, K Yiu XML Security Algorithm >>> Cross-Reference, 24 January 2013 W3C Working Group Note >>> http://www.w3.org/TR/2013/NOTE-xmlsec-algorithms-20130124/ >>> >>> >>> regards, Frederick >>> >>> Frederick Hirsch, Nokia >>> Chair XML Security WG
IMPORANT: Comments on draft-eastlake-additional-xmlsec-uris-08
Don I've received feedback from XML Security working group members that propose you change the URIs in the draft RFC for AES Key Wrap with Padding to match what is in XML Encryption 1.1, both because we are going to Recommendation and because there is code that currently uses those values. Can you please make the change, using the xmlenc11 URIs I listed below in item 1? Thanks regards, Frederick Frederick Hirsch Nokia On Feb 7, 2013, at 11:04 AM, wrote: > Donald > > Some additional comments on draft > http://tools.ietf.org/pdf/draft-eastlake-additional-xmlsec-uris-08.pdf > > sorry about the delay getting these comments to you. > > (1) We have defined different *informative* URIs for AES Key Wrap with > Padding in XML Encryption 1.1 > [http://www.w3.org/TR/xmlenc-core1/#sec-kw-aes-with-pad] which are different > from those in the RFC, namely > > http://www.w3.org/2009/xmlenc11#kw-aes-128-pad > > http://www.w3.org/2009/xmlenc11#kw-aes-192-pad > > http://www.w3.org/2009/xmlenc11#kw-aes-256-pad > > I suggest we change this informative appendix of XML Encryption 1.1 (and the > Security Algorithms Cross-Reference) to match what is in the RFC draft. > Thomas, is there any problem with that at this PR stage? > > Those in the RFC draft are: > > http://www.w3.org/2007/05/xmldsig-more#kw-aes128-pad > > http://www.w3.org/2007/05/xmldsig-more#kw-aes192-pad > > http://www.w3.org/2007/05/xmldsig-more#kw-aes256-pad > > (2) ConcatKDF fragment needs fixing in 4.1 and change log Appendix A due to a > typo > > "2009/xmlenc11#ConctKDF [XMLENC]" should be "2009/xmlenc11#ConcatKDF [XMLENC]" > > "#ConctKDF," should be "#ConcatKDF," > > (3) To some degree the fragment index and URI index replicate the published > W3C Note, XML Security Algorithm Cross-Reference and could be incorporated > there. > > (4) I suggest an update to the Introduction to mention XML Security 1.1 as > follows > > after "All of these standards and recommendations use URIs [RFC3986] to > identify algorithms and keying information types." > > add > > "The W3C has subsequently produced updated XML Signature 1.1 [XMLDSIG11] > and XML Encryption 1.1 [XMLENC11} versions as well as a new XML Signature > Properties specification [XMLDSIG-PROPERTIES]. > > (5) Typo in introduction > > "Canoncialization" should be "Canonicalization" > > (6) References > > Add references to XML Signature 1.1, XML Encryption 1.1, XML Signature > Properties, XML Security Algorithm Cross-Reference (all to be updated upon > Recommendation publication) > > Signature properties has added a namespace: xmlns > dsp="http://www.w3.org/2009/xmldsig-properties"; > > [XMLDSIG-CORE1] > D. Eastlake, J. Reagle, D. Solo, F. Hirsch, T. Roessler, K. Yiu. XML > Signature Syntax and Processing Version 1.1. 24 January 2013. W3C Proposed > Recommendation. (Work in progress) > URL:http://www.w3.org/TR/2013/PR-xmldsig-core1-20130124/ > > [XMLENC-CORE1] > J. Reagle; D. Eastlake; F. Hirsch; T. Roessler. XML Encryption Syntax and > Processing Version 1.1. 24 January 2013. W3C Proposed Recommendation. (Work > in progress) URL:http://www.w3.org/TR/2013/PR-xmlenc-core1-20130124/ > > [XMLDSIG-PROPERTIES] > Frederick Hirsch. XML Signature Properties. 24 January 2013. W3C Proposed > Recommendation. (Work in progress.) URL: > http://www.w3.org/TR/2013/PR-xmldsig-properties-20130124/ > > [XMLSEC-ALGS] F Hirsch, T Roessler, K Yiu XML Security Algorithm > Cross-Reference, 24 January 2013 W3C Working Group Note > http://www.w3.org/TR/2013/NOTE-xmlsec-algorithms-20130124/ > > > regards, Frederick > > Frederick Hirsch, Nokia > Chair XML Security WG > > >
Re: IMPORANT: Comments on draft-eastlake-additional-xmlsec-uris-08
Hi Frederick, On Thu, Feb 7, 2013 at 4:24 PM, wrote: > Don > > I've received feedback from XML Security working group members that propose > you change the URIs in the draft RFC for AES Key Wrap with Padding to match > what is in XML Encryption 1.1, both because we are going to Recommendation > and because there is code that currently uses those values. > > Can you please make the change, using the xmlenc11 URIs I listed below in > item 1? Sure, I'll do that. > Thanks > regards, Frederick > > Frederick Hirsch > Nokia > > > On Feb 7, 2013, at 11:04 AM, wrote: > >> Donald >> >> Some additional comments on draft >> http://tools.ietf.org/pdf/draft-eastlake-additional-xmlsec-uris-08.pdf >> >> sorry about the delay getting these comments to you. >> >> (1) We have defined different *informative* URIs for AES Key Wrap with >> Padding in XML Encryption 1.1 >> [http://www.w3.org/TR/xmlenc-core1/#sec-kw-aes-with-pad] which are different >> from those in the RFC, namely >> >> http://www.w3.org/2009/xmlenc11#kw-aes-128-pad >> http://www.w3.org/2009/xmlenc11#kw-aes-192-pad >> http://www.w3.org/2009/xmlenc11#kw-aes-256-pad >> >> I suggest we change this informative appendix of XML Encryption 1.1 (and the >> Security Algorithms Cross-Reference) to match what is in the RFC draft. >> Thomas, is there any problem with that at this PR stage? >> >> Those in the RFC draft are: >> >> http://www.w3.org/2007/05/xmldsig-more#kw-aes128-pad >> http://www.w3.org/2007/05/xmldsig-more#kw-aes192-pad >> http://www.w3.org/2007/05/xmldsig-more#kw-aes256-pad As above, I'll change the draft to use the ...//2009/xmlenc11#... URIs. >> (2) ConcatKDF fragment needs fixing in 4.1 and change log Appendix A due to >> a typo >> >> "2009/xmlenc11#ConctKDF [XMLENC]" should be "2009/xmlenc11#ConcatKDF >> [XMLENC]" >> >> "#ConctKDF," should be "#ConcatKDF," OK. >> (3) To some degree the fragment index and URI index replicate the published >> W3C Note, XML Security Algorithm Cross-Reference and could be incorporated >> there. If you would like to incorporate this information there, that seems fine. But I'd like to leave it in the draft also. >> (4) I suggest an update to the Introduction to mention XML Security 1.1 as >> follows >> >> after "All of these standards and recommendations use URIs [RFC3986] to >> identify algorithms and keying information types." >> >> add >> >> "The W3C has subsequently produced updated XML Signature 1.1 [XMLDSIG11] >> and XML Encryption 1.1 [XMLENC11} versions as well as a new XML Signature >> Properties specification [XMLDSIG-PROPERTIES]. OK. >> (5) Typo in introduction >> >> "Canoncialization" should be "Canonicalization" OK. >> (6) References >> >> Add references to XML Signature 1.1, XML Encryption 1.1, XML Signature >> Properties, XML Security Algorithm Cross-Reference (all to be updated upon >> Recommendation publication) The current draft does have references to XML Signature 1.1 and XML Encryption 1.1. The RFC Reference format permits multiple document under a single tag and both 1.0 and 1.1 are included under the [XMLDSIG] and [XMLENC] tags. I'll add the other two documents. Thanks, Donald = Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA d3e...@gmail.com >> Signature properties has added a namespace: xmlns >> dsp="http://www.w3.org/2009/xmldsig-properties"; >> >> [XMLDSIG-CORE1] >> D. Eastlake, J. Reagle, D. Solo, F. Hirsch, T. Roessler, K. Yiu. XML >> Signature Syntax and Processing Version 1.1. 24 January 2013. W3C Proposed >> Recommendation. (Work in progress) >> URL:http://www.w3.org/TR/2013/PR-xmldsig-core1-20130124/ >> >> [XMLENC-CORE1] >> J. Reagle; D. Eastlake; F. Hirsch; T. Roessler. XML Encryption Syntax and >> Processing Version 1.1. 24 January 2013. W3C Proposed Recommendation. (Work >> in progress) URL:http://www.w3.org/TR/2013/PR-xmlenc-core1-20130124/ >> >> [XMLDSIG-PROPERTIES] >> Frederick Hirsch. XML Signature Properties. 24 January 2013. W3C Proposed >> Recommendation. (Work in progress.) URL: >> http://www.w3.org/TR/2013/PR-xmldsig-properties-20130124/ >> >> [XMLSEC-ALGS] F Hirsch, T Roessler, K Yiu XML Security Algorithm >> Cross-Reference, 24 January 2013 W3C Working Group Note >> http://www.w3.org/TR/2013/NOTE-xmlsec-algorithms-20130124/ >> >> >> regards, Frederick >> >> Frederick Hirsch, Nokia >> Chair XML Security WG
