
IMPORTANT: Comments on draft-eastlake-additional-xmlsec-uris-08

2013-02-08 12:13:53
Don

I've received feedback from XML Security working group members that propose you 
change the URIs in the draft RFC for AES Key Wrap with Padding to match what is 
in XML Encryption 1.1, both because we are going to Recommendation and because 
there is code that currently uses those values.

Can you please make the change, using the xmlenc11 URIs I listed below in item 
1?

Thanks

regards, Frederick

Frederick Hirsch
Nokia



On Feb 7, 2013, at 11:04 AM,  wrote:

Donald 

Some additional comments on draft 
http://tools.ietf.org/pdf/draft-eastlake-additional-xmlsec-uris-08.pdf

sorry about the delay getting these comments to you.

(1) We have defined different *informative* URIs for AES Key Wrap with 
Padding in XML Encryption 1.1 
[http://www.w3.org/TR/xmlenc-core1/#sec-kw-aes-with-pad] which are different 
from those in the RFC, namely

http://www.w3.org/2009/xmlenc11#kw-aes-128-pad

http://www.w3.org/2009/xmlenc11#kw-aes-192-pad

http://www.w3.org/2009/xmlenc11#kw-aes-256-pad

I suggest we change this informative appendix of XML Encryption 1.1 (and the 
Security Algorithms Cross-Reference) to match what is in the RFC draft. 
Thomas, is there any problem with that at this PR stage?

Those in the RFC draft are:

http://www.w3.org/2007/05/xmldsig-more#kw-aes128-pad 

http://www.w3.org/2007/05/xmldsig-more#kw-aes192-pad 

http://www.w3.org/2007/05/xmldsig-more#kw-aes256-pad

(2) ConcatKDF fragment needs fixing in 4.1 and change log Appendix A due to a 
typo

"2009/xmlenc11#ConctKDF [XMLENC]" should be "2009/xmlenc11#ConcatKDF [XMLENC]"

"#ConctKDF," should be "#ConcatKDF,"

(3) To some degree the fragment index and URI index replicate the published 
W3C Note, XML Security Algorithm Cross-Reference and could be incorporated 
there.

(4) I suggest an update to the Introduction to mention XML Security 1.1 as 
follows

after "All of these standards and recommendations use URIs [RFC3986] to 
identify algorithms and keying information types."

add

"The W3C has subsequently produced updated XML Signature 1.1 [XMLDSIG11] 
and XML Encryption 1.1 [XMLENC11] versions as well as a new XML Signature 
Properties specification [XMLDSIG-PROPERTIES]."

(5) Typo in introduction

"Canoncialization" should be "Canonicalization"

(6) References

Add references to XML Signature 1.1, XML Encryption 1.1, XML Signature 
Properties, XML Security Algorithm Cross-Reference (all to be updated upon 
Recommendation publication)

Signature properties has added a namespace: 
xmlns:dsp="http://www.w3.org/2009/xmldsig-properties"

[XMLDSIG-CORE1]
D. Eastlake, J. Reagle, D. Solo, F. Hirsch, T. Roessler, K. Yiu. XML 
Signature Syntax and Processing Version 1.1. 24 January 2013. W3C Proposed 
Recommendation. (Work in progress) 
URL:http://www.w3.org/TR/2013/PR-xmldsig-core1-20130124/

[XMLENC-CORE1]
J. Reagle; D. Eastlake; F. Hirsch; T. Roessler. XML Encryption Syntax and 
Processing Version 1.1. 24 January 2013. W3C Proposed Recommendation. (Work 
in progress) URL:http://www.w3.org/TR/2013/PR-xmlenc-core1-20130124/

[XMLDSIG-PROPERTIES]
Frederick Hirsch. XML Signature Properties. 24 January 2013. W3C Proposed 
Recommendation. (Work in progress.) URL: 
http://www.w3.org/TR/2013/PR-xmldsig-properties-20130124/

[XMLSEC-ALGS] F Hirsch, T Roessler, K Yiu XML Security Algorithm 
Cross-Reference, 24 January 2013 W3C Working Group Note 
http://www.w3.org/TR/2013/NOTE-xmlsec-algorithms-20130124/


regards, Frederick

Frederick Hirsch, Nokia
Chair XML Security WG
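
Added example, not part of the original message or of any project's code: item (1) above means two URI sets can name AES Key Wrap with Padding, so a receiver that must accept both can map each exact string to one internal algorithm and reject everything else. The names `KW_PAD_URIS`, `key_wrap_params`, `UnsupportedAlgorithm`, the label `"AES-KW-PAD"` and the sample `EncryptedKey` document are assumptions made for this sketch.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"

# Allowlist built only from the six identifiers quoted in the message.
# Both spellings resolve to the same algorithm and key size.
KW_PAD_URIS = {}
for bits in (128, 192, 256):
    KW_PAD_URIS[f"http://www.w3.org/2009/xmlenc11#kw-aes-{bits}-pad"] = bits
    KW_PAD_URIS[f"http://www.w3.org/2007/05/xmldsig-more#kw-aes{bits}-pad"] = bits


class UnsupportedAlgorithm(ValueError):
    """Raised when the Algorithm URI is not on the allowlist."""


def key_wrap_params(encrypted_key_xml, kek):
    """Return (algorithm label, key bits) for an xenc:EncryptedKey, or raise.

    The sender-controlled URI never selects code paths directly: it is
    matched as an exact string, and the locally held KEK must have the
    size the URI announces.
    """
    root = ET.fromstring(encrypted_key_xml)
    method = root.find(f"{{{XENC}}}EncryptionMethod")
    if method is None:
        raise UnsupportedAlgorithm("missing EncryptionMethod")
    uri = method.get("Algorithm", "")
    bits = KW_PAD_URIS.get(uri)  # no case folding, no prefix matching
    if bits is None:
        raise UnsupportedAlgorithm(uri)
    if len(kek) * 8 != bits:
        raise ValueError(f"KEK is {len(kek) * 8} bits, URI requires {bits}")
    return ("AES-KW-PAD", bits)  # hypothetical internal label


# Constructed sample document; {uri} is filled in by the caller.
SAMPLE = """<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  <xenc:EncryptionMethod Algorithm="{uri}"/>
  <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
</xenc:EncryptedKey>"""

if __name__ == "__main__":
    for uri in sorted(KW_PAD_URIS):
        doc = SAMPLE.format(uri=uri)
        print(uri, "->", key_wrap_params(doc, bytes(KW_PAD_URIS[uri] // 8)))
```

A fragment that mixes the two spellings, such as `xmlenc11#kw-aes128-pad`, is rejected rather than guessed at, which is the same failure a misspelled fragment like the one in item (2) would produce.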




