Pending. Open for re-assignment.
Pending.
...
ACTION Reagle: change to a child element, cc: Merlin/Takeshi to see if they oppose.
ACTION Reagle: change to choice.
ACTION Reagle: add warning text on this point if it doesn't already exist, "decrypted content may not be well-formed XML."
Reagle: I believe this functionality is addressed directly by XML Signature.
Telecon participants agree.
Reagle: I expect I'm not understanding the issue well, while I appreciate the algorithm itself might provide for a nonce, how would this redundancy hurt anything?
Dillaway: agrees with Takeshi, EncryptedKey shouldn't have a nonce because it can complicate the algorithms. For example, some algorithms expect particular key sizes that this would confuse.
ACTION Reagle: remove Nonce attribute from Encrypted Key.
(Section 5)
Yes, one can specify the approriate algorithm and identifier."
Dillaway: this might be accomplished via a Transform that contains a digest within a CipherReference.
ACTION Simon: send email to a list exploring this scenario.
Dillaway: way back when, we decided not to address threshold schemes. When Barb Fox asked the question, there was a resounding "no." However, I don't have a prolbem with someone layering it on top of what we specified.
Reagle: do we then have some obligation to show how it can be done? Is anyone interested in this enough to take that on?
Dillaway: Might have time in three weeks time.
Simon: Perhaps we could ask Rivest to point out if it can't be done.
Reagle: we made SignatureMethod optional in xmldsig...
Dillaway: Agrees it can be dangerous, but its difficult to keep people from doing it in their protocol if they always use a particular algorithm, just seems redundant to them then.
Reagle: Do people on this call support any scenarios presently where this information isn't sent?
Dillaway: Not yet, but I can think of a couple of protocol scenarios where this is unnecessary overhead.
ACTION Reagle: add warning text if there's a place where it seem approriate, assume they both know and they are wrong.
Reagle: is there a security problem when it relates to signing, where someone signs the ciphertext, but subsitutes a different message with different algorith?... Suppose not, as we already say if people want to secure plain text, that's what they need to sign.
Simon: someone encrypted a flower, but gets white noise, the plaintext should've been signed.
ACTION Eastlake: tweak the c14n in section 5, include exclusive canonicalization as an algorithm.
ACTION Eastlake: Edit section 5.5 .
Defer until Eastlake can respond.
Defer to Eastlake.
Defer to Eastlake.