|
1.
|
Clear description of the referenced document:
|
|
|
|
|
2.
|
Status of approval:
|
|
|
W3C Recommendation of 11 April 2013
|
|
3.
|
Justification for the specific reference:
|
|
|
This W3C standard defines XML Encryption Syntax and Processing rules that are used in this Recommendation
|
|
4.
|
Current information, if any, about IPR issues:
|
|
|
W3C is a Royalty Free organization. Identification of patent policy is available on the Web page http://www.w3.org/2004/01/pp-impl/
|
|
5.
|
Other useful information describing the "Quality" of the document:
|
|
|
Document published in April 2013.
|
|
6.
|
The degree of stability or maturity of the document:
|
|
|
Document published in April 2013. Latest version: https://www.w3.org/TR/xmlenc-core1/.
|
|
7.
|
Relationship with other existing or emerging documents:
|
|
|
See clause 8
|
|
8.
|
Any explicit references within that referenced document should also be listed:
|
|
|
[AES]/
NIST FIPS 197: Advanced Encryption Standard (AES). November 2001. URL: http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf/
[AES-WRAP]/
J. Schaad; R. Housley. RFC3394: Advanced Encryption Standard (AES) Key Wrap Algorithm. September 2002. IETF Informational RFC. URL: http://www.ietf.org/rfc/rfc3394.txt/
[AES-WRAP-PAD]/
R. Housley; M. Dworkin. RFC 5649: Advanced Encryption Standard (AES) Key Wrap with Padding Algorithm. August 2009. IETF Informational RFC. URL: http://www.ietf.org/rfc/rfc5649.txt/
[ANSI-X9-44-2007]/
ANSI X9.44-2007: Key Establishment Using Integer Factorization Cryptography. URL: http://webstore.ansi.org/RecordDetail.aspx?sku=ANSI+X9.44-2007/
[CMS-WRAP]/
R. Housley. RFC3217: Triple-DES and R2 Key Wrapping. December 2001. IETF Informational RFC. URL: http://www.ietf.org/rfc/rfc3217.txt/
[DES]/
NIST FIPS 46-3: Data Encryption Standard (DES) . October 1999. URL: http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf/
[ESDH]/
E. Rescorla. Diffie-Hellman Key Agreement Method.. IETF RFC 2631 Standards Track, 1999. URL: http://www.ietf.org/rfc/rfc2631.txt/
[EXI]/
Takuki Kamiya; John Schneider. Efficient XML Interchange (EXI) Format 1.0. 8 December 2009. W3C Candidate Recommendation. URL: http://www.w3.org/TR/2009/CR-exi-20091208//
[FIPS-180-3]/
FIPS PUB 180-3 Secure Hash Standard. U.S. Department of Commerce/National Institute of Standards and Technology. URL: http://csrc.nist.gov/publications/fips/fips180-3/fips180-3_final.pdf/
[FIPS-186-3]/
FIPS PUB 186-3: Digital Signature Standard (DSS). June 2009. U.S. Department of Commerce/National Institute of Standards and Technology. URL: http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf/
[HMAC]/
H. Krawczyk, M. Bellare, R. Canetti. HMAC: Keyed-Hashing for Message Authentication. February 1997. IETF RFC 2104. URL: http://www.ietf.org/rfc/rfc2104.txt/
[NFC]/
M. Davis, Ken Whistler. TR15, Unicode Normalization Forms.. 17 September 2010, URL: http://www.unicode.org/reports/tr15//
[PKCS1]/
J. Jonsson and B. Kaliski. Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1. RFC 3447 (Informational), February 2003. URL: http://www.ietf.org/rfc/rfc3447.txt/
[PKCS5]/
B. Kaliski. PKCS #5 v2.0: Password-Based Cryptography Standard. September 2000. IETF RFC 2898. URL: http://www.ietf.org/rfc/rfc2898.txt/
[PKCS5Amd1]/
PKCS #5 v2.0 Amendment 1: XML Schema for Password-Based Cryptography RSA Laboratories, March 2007. URL: ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-5v2/pkcs-5v2-0a1.pdf/
[RANDOM]/
D. Eastlake, S. Crocker, J. Schiller. Randomness Recommendations for Security.. IETF RFC 4086. June 2005. URL: http://www.ietf.org/rfc/rfc4086.txt/
[RFC2045]/
N. Freed and N. Borenstein. Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies. November 1996. URL: http://www.ietf.org/rfc/rfc2045.txt/
[RFC2119]/
S. Bradner. Key words for use in RFCs to Indicate Requirement Levels. March 1997. Internet RFC 2119. URL: http://www.ietf.org/rfc/rfc2119.txt/
[RFC4055]/
J. Schaad, B. Kaliski, R. Housley. Additional Algorithms and Identifiers for RSA Cryptography for use in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. June 2005. IETF RFC 4055. URL: http://www.ietf.org/rfc/rfc4055.txt/
[RIPEMD-160]/
B. Preneel, A. Bosselaers, and H. Dobbertin. The Cryptographic Hash Function RIPEMD-160. CryptoBytes, Volume 3, Number 2. pp. 9-14, RSA Laboratories 1997. URL: http://www.cosic.esat.kuleuven.be/publications/article-317.pdf/
[SP800-38D]/
M. Dworkin. NIST Special Publication 800-38D: Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC. November 2007 URL: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf/
[SP800-56A]/
NIST Special Publication 800-56A: Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised). March 2007 URL: http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf/
[SP800-67]/
Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher, Revised January 2012. SP-800-67 Revision 1. U.S. Department of Commerce/National Institute of Standards and Technology. URL: http://csrc.nist.gov/publications/nistpubs/800-67-Rev1/SP-800-67-Rev1.pdf/
[URI]/
T. Berners-Lee; R. Fielding; L. Masinter. Uniform Resource Identifiers (URI): generic syntax. January 2005. RFC 3986. URL: http://www.ietf.org/rfc/rfc3986.txt/
[XML-ENCRYPTION-REQ]/
Joseph Reagle. XML Encryption Requirements. 4 March 2002. W3C Note. URL: http://www.w3.org/TR/2002/NOTE-xml-encryption-req-20020304/
[XML-NAMES]/
Richard Tobin et al. Namespaces in XML 1.0 (Third Edition). 8 December 2009. W3C Recommendation. URL: http://www.w3.org/TR/2009/REC-xml-names-20091208//
[XML10]/
C. M. Sperberg-McQueen et al. Extensible Markup Language (XML) 1.0 (Fifth Edition). 26 November 2008. W3C Recommendation. URL: http://www.w3.org/TR/2008/REC-xml-20081126//
[XMLDSIG-CORE1]/
D. Eastlake; J. Reagle; D. Solo; F. Hirsch; T. Roessler; K. Yiu. XML Signature Syntax and Processing Version 1.1. 11 April 2013. W3C Recommendation. URL: http://www.w3.org/TR/2013/REC-xmldsig-core1-20130411//
[XMLSCHEMA-1]/
Henry S. Thompson et al. XML Schema Part 1: Structures Second Edition. 28 October 2004. W3C Recommendation. URL: http://www.w3.org/TR/2004/REC-xmlschema-1-20041028//
[XMLSCHEMA-2]/
Paul V. Biron; Ashok Malhotra. XML Schema Part 2: Datatypes Second Edition. 28 October 2004. W3C Recommendation. URL: http://www.w3.org/TR/2004/REC-xmlschema-2-20041028//
[XPATH]/
James Clark; Steven DeRose. XML Path Language (XPath) Version 1.0. 16 November 1999. W3C Recommendation. URL: http://www.w3.org/TR/1999/REC-xpath-19991116//
[Davis]/
Defective Sign & Encrypt in S/MIME, PKCS#7, MOSS, PEM, PGP, and XML. D. Davis. USENIX Annual Technical Conference. 2001. URL: http://www.usenix.org/publications/library/proceedings/usenix01/davis.html/
[ECC-ALGS]/
D. McGrew; K. Igoe; M. Salter. RFC 6090: Fundamental Elliptic Curve Cryptography Algorithms. February 2011. IETF Informational RFC. URL: http://www.rfc-editor.org/rfc/rfc6090.txt/
[MIME-REG]/
N. Freed, J. Klensin. RFC 4289: Multipurpose Internet Mail Extensions (MIME) Part Four: Registration Procedures. December 2005. Best Current Practice. URL: http://www.ietf.org/rfc/rfc4289.txt/
[OAEP-ATTACK]/
Manger, James. A Chosen Ciphertext Attack on RSA Optimal Asymmetric Encryption Padding (OAEP) as Standardized in PKCS #1 v2.0. URL: http://archiv.infsec.ethz.ch/education/fs08/secsem/Manger01.pdf/
[RELAXNG-SCHEMA]/
Information technology -- Document Schema Definition Language (DSDL) -- Part 2: Regular-grammar-based validation -- RELAX NG. ISO/IEC 19757-2:2008. URL: http://standards.iso.org/ittf/PubliclyAvailableStandards/c052348_ISO_IEC_19757-2_2008(E).zip/
[RFC3218]/
E. Rescorla. Preventing the Million Message Attack on Cryptographic Message Syntax (RFC 3218). January 2002. RFC. URL: http://www.rfc-editor.org/rfc/rfc3218.txt/
[SHA-1-Analysis]/
McDonald, C., Hawkes, P., and J. Pieprzyk. SHA-1 collisions now 252 . EuroCrypt 2009 Rump session. URL: http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf/
[SHA-1-Collisions]/
X. Wang, Y.L. Yin, H. Yu. Finding Collisions in the Full SHA-1. In Shoup, V., editor, Advances in Cryptology - CRYPTO 2005, 25th Annual International Cryptology Conference, Santa Barbara, California, USA, August 14-18, 2005, Proceedings, volume 3621 of LNCS, pages 17–36. Springer, 2005. URL: http://people.csail.mit.edu/yiqun/SHA1AttackProceedingVersion.pdf (also published in http://www.springerlink.com/content/26vljj3xhc28ux5m/)/
[Tobin]/
R. Tobin. Infoset for external entities. 2000. URL: http://lists.w3.org/Archives/Member/w3c-xml-core-wg/2000OctDec/0054 [XML Core mailing list, W3C Member Only]./
[XML-C14N]/
John Boyer. Canonical XML Version 1.0. 15 March 2001. W3C Recommendation. URL: http://www.w3.org/TR/2001/REC-xml-c14n-20010315/
[XML-C14N11]/
John Boyer; Glenn Marcy. Canonical XML Version 1.1. 2 May 2008. W3C Recommendation. URL: http://www.w3.org/TR/2008/REC-xml-c14n11-20080502//
[XML-EXC-C14N]/
Donald E. Eastlake 3rd; Joseph Reagle; John Boyer. Exclusive XML Canonicalization Version 1.0. 18 July 2002. W3C Recommendation. URL: http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718//
[XML-INFOSET]/
John Cowan; Richard Tobin. XML Information Set (Second Edition). 4 February 2004. W3C Recommendation. URL: http://www.w3.org/TR/2004/REC-xml-infoset-20040204//
[XML-MT]/
M. Murata, S. St.Laurent, D. Kohn. XML Media Types. IETF RFC 3023. URL: http://www.ietf.org/rfc/rfc3023.txt./
[XMLBASE]/
Jonathan Marsh; Richard Tobin. XML Base (Second Edition). 28 January 2009. W3C Recommendation. URL: http://www.w3.org/TR/2009/REC-xmlbase-20090128//
[XMLENC-BACKWARDS-COMP]/
Tibor Jager; Kenneth G. Paterson; Juraj Somorovsky. One Bad Apple: Backwards Compatibility Attacks on State-of-the-Art Cryptography. 2013. URL: http://www.nds.ruhr-uni-bochum.de/research/publications/backwards-compatibility//
[XMLENC-CBC-ATTACK]/
Tibor Jager; Juraj Somorovsky. How to Break XML Encryption. 17-21 October 2011. CCS’11, ACM. URL: http://www.nds.ruhr-uni-bochum.de/research/publications/breaking-xml-encryption//
[XMLENC-CBC-ATTACK-COUNTERMEASURES]/
Juraj Somorovsky; Jörg Schwenk. Technical Analysis of Countermeasures against Attack on XML Encryption - or - Just Another Motivation for Authenticated Encryption. 2011. URL: http://www.w3.org/2008/xmlsec/papers/xmlEncCountermeasuresW3C.pdf/
[XMLENC-CORE1-CHGS]/
Frederick Hirsch. Functional Explanation of in XML Encryption 1.1. 11 April 2013. W3C Working Group Note. URL: http://www.w3.org/TR/2013/NOTE-xmlenc-core1-explain-20130411//
[XMLENC-DECRYPT]/
Takeshi Imamura; Merlin Hughes; Hiroshi Maruyama. Decryption Transform for XML Signature. 10 December 2002. W3C Recommendation. URL: http://www.w3.org/TR/2002/REC-xmlenc-decrypt-20021210/
[XMLENC-PKCS15-ATTACK]/
Tibor Jager; Sebastian Schinzel; Juraj Somorovsky. Bleichenbacher"s Attack Strikes Again: Breaking PKCS#1.5 in XML Encryption. 2012. URL: http://www.nds.rub.de/research/publications/breaking-xml-encryption-pkcs15.pdf/
[XMLSEC-RELAXNG]/
Makoto Murata; Frederick Hirsch. XML Security RELAX NG Schemas. 11 April 2013. W3C Working Group Note. URL: http://www.w3.org/TR/2013/NOTE-xmlsec-rngschema-20130411//
[XMLSEC11-REQS]/
Frederick Hirsch; Thomas Roessler. XML Security 1.1 Requirements and Design Considerations. 11 April 2013. W3C Working Group Note. URL: http://www.w3.org/TR/2013/NOTE-xmlsec-reqs-20130411/
|
|
9.
|
Qualification of
W3C:
|
|
|
W3C is qualified for including references in ITU-T Recommendations under Recommendation A.5 procedures.
|
|
10.
|
Other (for any supplementary information):
|
|
|
All standards are available on-line. An index of Recommendation and their status may be found in the W3C archives at http://www.w3.org/TR/ .
|
|
