[Curdle] should we include xmldsig and xmlenc?
Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 02 December 2015 12:48 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C78D1A899F for <curdle@ietfa.amsl.com>; Wed, 2 Dec 2015 04:48:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level:
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y6ZwQsY00r-W for <curdle@ietfa.amsl.com>; Wed, 2 Dec 2015 04:48:56 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C6CA1A8978 for <curdle@ietf.org>; Wed, 2 Dec 2015 04:48:56 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 0D617BE53; Wed, 2 Dec 2015 12:48:55 +0000 (GMT)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D5m9sibWsjHu; Wed, 2 Dec 2015 12:48:54 +0000 (GMT)
Received: from [134.226.36.93] (bilbo.dsg.cs.tcd.ie [134.226.36.93]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 26A4CBE4D; Wed, 2 Dec 2015 12:48:54 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1449060534; bh=1Q9b8DcqGwGlzzB2//OsQ3HUHRbsbwFVEwqqFCHk1XM=; h=To:Cc:From:Subject:Date:From; b=UDnFUfAPIVnT16diFT59+jmauocz41dBYCnO1bDan7fP2cqTg7Ev77HwS3tll0S1o ROpv1HOVuJXYSgPSShdn6oGutY1jqxjwRjr8G1869M+BrU6HZA41dmTRBTMfdjBzQb vk28kBaMJyWyd89a22vhIVwDMxDPVwC/gqHDvjLw=
To: curdle@ietf.org
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <565EE8B6.2010903@cs.tcd.ie>
Date: Wed, 02 Dec 2015 12:48:54 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/curdle/UJZCEGM5obgqTebRRoQVW91uquE>
Cc: Mark Nottingham <mnot@mnot.net>, Wendy Seltzer <wseltzer@w3.org>
Subject: [Curdle] should we include xmldsig and xmlenc?
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Dec 2015 12:48:58 -0000
Hiya, I was at a thing with some w3c folks yesterday and mentioned curdle. It is conceivable that W3C may want to add codepoints to xmldsig and xmlenc for the new curves, just like we do. So far though, I've not seen anyone ask specifically for that. xmldsig was a joint bit of work between the IETF and W3C but that was a bit of a process-pain, so xmlenc was just done as a W3C thing. OTOH, Don Eastlake did write up an RFC for some additional algorithms for those as RFC6931 as well. [1] I guess that amicable divorce wasn't ever fully finalised:-) So, questions: 1. is there interest to define how to use the new curves for xmldsig and xmlenc? 2. if 1==yes, do we have volunteers to do the editing work? 3. if 1==yes and 2==yes, is curdle the right place to do that or should we just leave that to W3C to handle as and when they want? FWIW, I've no strong opinions on this, but if this group felt that the answers to all 3 questions are yes, then we should probably sort that out with W3C (one way or another) while we're chartering curdle. If any of the answers is no, then we're good as-is and there's nothing else we need do for now. Cheers, S. PS: mnot and Wendy are cc'd as they're the relevant liaison folks between the IETF and W3C. [1] https://tools.ietf.org/html/rfc6931
- [Curdle] should we include xmldsig and xmlenc? Stephen Farrell
- Re: [Curdle] should we include xmldsig and xmlenc? Simon Josefsson
- Re: [Curdle] should we include xmldsig and xmlenc? Simon Josefsson