Hi Frederick, On Thu, Feb 7, 2013 at 4:24 PM, <Frederick.Hirsch@xxxxxxxxx> wrote: > Don > > I've received feedback from XML Security working group members that propose you change the URIs in the draft RFC for AES Key Wrap with Padding to match what is in XML Encryption 1.1, both because we are going to Recommendation and because there is code that currently uses those values. > > Can you please make the change, using the xmlenc11 URIs I listed below in item 1? Sure, I'll do that. > Thanks > regards, Frederick > > Frederick Hirsch > Nokia > > > On Feb 7, 2013, at 11:04 AM, wrote: > >> Donald >> >> Some additional comments on draft http://tools.ietf.org/pdf/draft-eastlake-additional-xmlsec-uris-08.pdf >> >> sorry about the delay getting these comments to you. >> >> (1) We have defined different *informative* URIs for AES Key Wrap with Padding in XML Encryption 1.1 [http://www.w3.org/TR/xmlenc-core1/#sec-kw-aes-with-pad] which are different from those in the RFC, namely >> >> http://www.w3.org/2009/xmlenc11#kw-aes-128-pad >> http://www.w3.org/2009/xmlenc11#kw-aes-192-pad >> http://www.w3.org/2009/xmlenc11#kw-aes-256-pad >> >> I suggest we change this informative appendix of XML Encryption 1.1 (and the Security Algorithms Cross-Reference) to match what is in the RFC draft. Thomas, is there any problem with that at this PR stage? >> >> Those in the RFC draft are: >> >> http://www.w3.org/2007/05/xmldsig-more#kw-aes128-pad >> http://www.w3.org/2007/05/xmldsig-more#kw-aes192-pad >> http://www.w3.org/2007/05/xmldsig-more#kw-aes256-pad As above, I'll change the draft to use the ...//2009/xmlenc11#... URIs. >> (2) ConcatKDF fragment needs fixing in 4.1 and change log Appendix A due to a typo >> >> "2009/xmlenc11#ConctKDF [XMLENC]" should be "2009/xmlenc11#ConcatKDF [XMLENC]" >> >> "#ConctKDF," should be "#ConcatKDF," OK. >> (3) To some degree the fragment index and URI index replicate the published W3C Note, XML Security Algorithm Cross-Reference and could be incorporated there. If you would like to incorporate this information there, that seems fine. But I'd like to leave it in the draft also. >> (4) I suggest an update to the Introduction to mention XML Security 1.1 as follows >> >> after "All of these standards and recommendations use URIs [RFC3986] to identify algorithms and keying information types." >> >> add >> >> "The W3C has subsequently produced updated XML Signature 1.1 [XMLDSIG11] and XML Encryption 1.1 [XMLENC11} versions as well as a new XML Signature Properties specification [XMLDSIG-PROPERTIES]. OK. >> (5) Typo in introduction >> >> "Canoncialization" should be "Canonicalization" OK. >> (6) References >> >> Add references to XML Signature 1.1, XML Encryption 1.1, XML Signature Properties, XML Security Algorithm Cross-Reference (all to be updated upon Recommendation publication) The current draft does have references to XML Signature 1.1 and XML Encryption 1.1. The RFC Reference format permits multiple document under a single tag and both 1.0 and 1.1 are included under the [XMLDSIG] and [XMLENC] tags. I'll add the other two documents. Thanks, Donald ============================= Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA d3e3e3@xxxxxxxxx >> Signature properties has added a namespace: xmlns dsp="http://www.w3.org/2009/xmldsig-properties"; >> >> [XMLDSIG-CORE1] >> D. Eastlake, J. Reagle, D. Solo, F. Hirsch, T. Roessler, K. Yiu. XML Signature Syntax and Processing Version 1.1. 24 January 2013. W3C Proposed Recommendation. (Work in progress) URL:http://www.w3.org/TR/2013/PR-xmldsig-core1-20130124/ >> >> [XMLENC-CORE1] >> J. Reagle; D. Eastlake; F. Hirsch; T. Roessler. XML Encryption Syntax and Processing Version 1.1. 24 January 2013. W3C Proposed Recommendation. (Work in progress) URL:http://www.w3.org/TR/2013/PR-xmlenc-core1-20130124/ >> >> [XMLDSIG-PROPERTIES] >> Frederick Hirsch. XML Signature Properties. 24 January 2013. W3C Proposed Recommendation. (Work in progress.) URL: http://www.w3.org/TR/2013/PR-xmldsig-properties-20130124/ >> >> [XMLSEC-ALGS] F Hirsch, T Roessler, K Yiu XML Security Algorithm Cross-Reference, 24 January 2013 W3C Working Group Note http://www.w3.org/TR/2013/NOTE-xmlsec-algorithms-20130124/ >> >> >> regards, Frederick >> >> Frederick Hirsch, Nokia >> Chair XML Security WG