IMPORTANT: Comments on draft-eastlake-additional-xmlsec-uris-08

<Frederick.Hirsch@nokia.com> Thu, 07 February 2013 21:24 UTC

From: Frederick.Hirsch@nokia.com
To: d3e3e3@gmail.com
Subject: IMPORTANT: Comments on draft-eastlake-additional-xmlsec-uris-08
Date: Thu, 07 Feb 2013 21:24:47 +0000
Message-ID: <1CB2E0B458B211478C85E11A404A2B270190A4C6@008-AM1MPN1-033.mgdnok.nokia.com>
References: <3679302F-114B-4319-B351-14DC3F813859@nokia.com>
In-Reply-To: <3679302F-114B-4319-B351-14DC3F813859@nokia.com>
Cc: draft-eastlake-additional-xmlsec-uris@tools.ietf.org, Frederick.Hirsch@nokia.com, ietf@ietf.org

Don

I've received feedback from XML Security working group members who propose that you change the URIs in the draft RFC for AES Key Wrap with Padding to match what is in XML Encryption 1.1, both because we are going to Recommendation and because there is code that currently uses those values.

Can you please make the change, using the xmlenc11 URIs I listed below in item 1?

Thanks

regards, Frederick

Frederick Hirsch
Nokia



On Feb 7, 2013, at 11:04 AM,  wrote:

> Donald 
> 
> Some additional comments on draft http://tools.ietf.org/pdf/draft-eastlake-additional-xmlsec-uris-08.pdf
> 
> sorry about the delay getting these comments to you.
> 
> (1) We have defined different *informative* URIs for AES Key Wrap with Padding in XML Encryption 1.1 [http://www.w3.org/TR/xmlenc-core1/#sec-kw-aes-with-pad] which are different from those in the RFC, namely
> 
> http://www.w3.org/2009/xmlenc11#kw-aes-128-pad
> 
> http://www.w3.org/2009/xmlenc11#kw-aes-192-pad
> 
> http://www.w3.org/2009/xmlenc11#kw-aes-256-pad
> 
> I suggest we change this informative appendix of XML Encryption 1.1 (and the Security Algorithms Cross-Reference) to match what is in the RFC draft. Thomas, is there any problem with that at this PR stage?
> 
> Those in the RFC draft are:
> 
> http://www.w3.org/2007/05/xmldsig-more#kw-aes128-pad 
> 
> http://www.w3.org/2007/05/xmldsig-more#kw-aes192-pad 
> 
> http://www.w3.org/2007/05/xmldsig-more#kw-aes256-pad
> 
> (2) ConcatKDF fragment needs fixing in 4.1 and change log Appendix A due to a typo
> 
> "2009/xmlenc11#ConctKDF [XMLENC]" should be "2009/xmlenc11#ConcatKDF [XMLENC]"
> 
> "#ConctKDF," should be "#ConcatKDF,"
> 
> (3) To some degree the fragment index and URI index replicate the published W3C Note, XML Security Algorithm Cross-Reference and could be incorporated there.
> 
> (4) I suggest an update to the Introduction to mention XML Security 1.1 as follows
> 
> after "All of these standards and recommendations use URIs [RFC3986] to identify algorithms and keying information types."
> 
> add
> 
> "The W3C has subsequently produced updated XML Signature 1.1 [XMLDSIG11] and XML Encryption 1.1 [XMLENC11] versions as well as a new XML Signature Properties specification [XMLDSIG-PROPERTIES]."
> 
> (5) Typo in introduction
> 
> "Canoncialization" should be "Canonicalization"
> 
> (6) References
> 
> Add references to XML Signature 1.1, XML Encryption 1.1, XML Signature Properties, XML Security Algorithm Cross-Reference (all to be updated upon Recommendation publication)
> 
> Signature properties has added a namespace: xmlns:dsp="http://www.w3.org/2009/xmldsig-properties"
> 
> [XMLDSIG-CORE1]
> D. Eastlake, J. Reagle, D. Solo, F. Hirsch, T. Roessler, K. Yiu. XML Signature Syntax and Processing Version 1.1. 24 January 2013. W3C Proposed Recommendation. (Work in progress) URL:http://www.w3.org/TR/2013/PR-xmldsig-core1-20130124/
> 
> [XMLENC-CORE1]
> J. Reagle; D. Eastlake; F. Hirsch; T. Roessler. XML Encryption Syntax and Processing Version 1.1. 24 January 2013. W3C Proposed Recommendation. (Work in progress) URL:http://www.w3.org/TR/2013/PR-xmlenc-core1-20130124/
> 
> [XMLDSIG-PROPERTIES]
> Frederick Hirsch. XML Signature Properties. 24 January 2013. W3C Proposed Recommendation. (Work in progress.) URL: http://www.w3.org/TR/2013/PR-xmldsig-properties-20130124/
> 
> [XMLSEC-ALGS]
> F. Hirsch, T. Roessler, K. Yiu. XML Security Algorithm Cross-Reference. 24 January 2013. W3C Working Group Note. URL: http://www.w3.org/TR/2013/NOTE-xmlsec-algorithms-20130124/
> 
> 
> regards, Frederick
> 
> Frederick Hirsch, Nokia
> Chair XML Security WG
> 
> 
>