CARVIEW

MOTORHOMES

Select Language

HTTP/2 200 date: Tue, 15 Jul 2025 11:26:14 GMT content-type: text/html; charset=utf-8 content-location: Overview.html last-modified: Mon, 02 Oct 2017 10:47:02 GMT cache-control: max-age=31536000 expires: Wed, 15 Jul 2026 11:26:14 GMT vary: Accept-Encoding,Origin link: ;rel="canonical", ;rel="timegate", ;rel="original" access-control-allow-origin: * memento-datetime: Mon, 02 Oct 2017 10:47:02 GMT x-backend: www-mirrors x-request-id: 95f8e7593d678a2a strict-transport-security: max-age=15552000; includeSubdomains; preload content-security-policy: frame-ancestors 'self' https://cms.w3.org/ https://cms-dev.w3.org/; upgrade-insecure-requests cf-cache-status: BYPASS set-cookie: __cf_bm=tkV49GHH0qB5dH7VOMnLmuCBV03lfVIvilRqx5hxeY0-1752578774-1.0.1.1-lwjdpWi3gY2CFK_VciIFaaYVcn.8Xp_1daWDaQNJ2oAcJED_boKxexRsKjMDjBhb5r6nrr6Zw6Vf.6AnSFhthrd43zvDAQH1UIiNPvpGhZQ; path=/; expires=Tue, 15-Jul-25 11:56:14 GMT; domain=.w3.org; HttpOnly; Secure; SameSite=None server: cloudflare cf-ray: 95f8e7593d678a2a-BLR content-encoding: gzip alt-svc: h3=":443"; ma=86400 Functional Explanation of Changes in XML Encryption 1.1

Functional Explanation of Changes in XML Encryption 1.1

W3C Working Group Note 11 April 2013

This version:: https://www.w3.org/TR/2013/NOTE-xmlenc-core1-explain-20130411/
Latest published version:: https://www.w3.org/TR/xmlenc-core1-explain/
Latest editor's draft:: https://www.w3.org/2008/xmlsec/Drafts/xmlenc-core1-explain/
Previous version:: https://www.w3.org/TR/2013/NOTE-xmlenc-core1-explain-20130124/
Editor:: Frederick Hirsch

Abstract

This document provides a summary of non-editorial changes in XML Encryption 1.1 from the XML Encryption Recommendation.

Status of This Document

This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at https://www.w3.org/TR/.

In the case of any difference between this document and the XML Encryption 1.1 specification [XMLENC-CORE1], the XML Encryption 1.1 specification is authoritative.

This Working Group Note publication updates the references that have changed since the previous publication (diff).

This document was published by the XML Security Working Group as a Working Group Note. If you wish to make comments regarding this document, please send them to public-xmlsec@w3.org (subscribe, archives). All comments are welcome.

Publication as a Working Group Note does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.

This document was produced by a group operating under the 5 February 2004 W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.

1. Introduction
2. Changes
A. References
- A.1 Informative references

1. Introduction

This document summarizes non-editorial changes in XML Encryption 1.1 [XMLENC-CORE1] from the XML Encryption Recommendation [XMLENC-CORE].

2. Changes

2.1 Added Key Derivation

Added support for derived keys, in particular:

Added definitions of Key Derivation algorithms
- Added ConcatKDF algorithm.
- Added PBKDF2 algorithm.
Added XML DerivedKey element
Updated RetrievalMethod description to include DerivedKey.
Updated ReferenceList description to include DerivedKey.

2.2 Added Elliptic Curve Diffie-Hellman Key Agreement

Added Elliptic Curve Diffie-Hellman Key Agreement

2.3 Added Algorithms

Added AES-128-pad, AES-192-pad, and AES-256-pad Symmetric Key Wrap algorithms as OPTIONAL.
Added SHA-384 Message Digest as OPTIONAL
Added Canonical XML 1.1 (omit comments) as OPTIONAL
Added Canonical XML 1.1 with comments as OPTIONAL
Added key derivation algorithms, ConcatKDF as REQUIRED, PBKDF2 as OPTIONAL.
Added Key Agreements, Diffie-Hellman Key Agreement (Ephemeral-Static mode) with Legacy Key Derivation Function and explicit Key Derivation Functions as Optional, and Elliptic Curve Diffie-Hellman (Ephemeral-Static mode) as REQUIRED

For all algorithms added, algorithm identifiers and information were added to the specification.

2.4 Changed Algorithms

Changed SHA-1 Message Digest to REQUIRED, but DISCOURAGED.
Changed SHA-256 Message Digest to REQUIRED
Changed AES-128-GCM Block Encryption as REQUIRED, added warning about use of CBC block encryption algorithms and reference to paper on attack.
Enabled RSA-OAEP Key Transport to be used with arbitrary mask generation functions (e.g. SHA2 based) by defining an additional RSA-OAEP URI and significantly revising specification text. Added definition of new xenc11:MGF element.
Removed Message Authentication section (not normative)

2.5 Clarifications

Clarified AES-GCM Block Encryption description of the algorithm as equivalent to encryption followed by signing.
Revised processing rules section for clarity on aspects of processing model that are normative and those that are not.
Clarified the Encoding attribute in the EncryptedType element.
Clarified that the syntax of URI and Transforms in the CipherReference element is defined in XML Signature.
Clarified that base64 encoded text is contained as element content when CipherValue element is used.

2.6 Security Considerations Changes

Added security consideration information on Chosen Ciphertext Attacks, including attacks against encrypted data and encrypted key. Provide specific notes on CBC Block Encryption vulnerability, and the Bleichenbacher attack.
Added new security consideration for implementations to limit information included in error responses for security algorithms.
Added new security consideration warning implementers to consider timing attacks.
Added new security consideration section on Backward Compatibility attacks.

2.7 Other Changes

Provided new 1.1 namespace for new 1.1 schema items
Replaced normative SP800-56A reference (NIST Special Publication 800-56A: Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised). March 2007) for ECDH in Section 5.6.4 (Elliptic Curve Diffie-Hellman (ECDH) Key Agreement) with [ECC-ALGS] reference.

A. References

Dated references below are to the latest known or appropriate edition of the referenced work. The referenced works may be subject to revision, and conformant implementations may follow, and are encouraged to investigate the appropriateness of following, some or all more recent editions or replacements of the works cited. It is in each case implementation-defined which editions are supported.

A.1 Informative references

[ECC-ALGS]: D. McGrew; K. Igoe; M. Salter. RFC 6090: Fundamental Elliptic Curve Cryptography Algorithms. February 2011. IETF Informational RFC. URL: https://www.rfc-editor.org/rfc/rfc6090.txt
[XMLENC-CORE]: Donald Eastlake; Joseph Reagle. XML Encryption Syntax and Processing. 10 December 2002. W3C Recommendation. URL: https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/
[XMLENC-CORE1]: J. Reagle; D. Eastlake; F. Hirsch; T. Roessler. XML Encryption Syntax and Processing Version 1.1. 11 April 2013. W3C Recommendation. URL: https://www.w3.org/TR/2013/REC-xmlenc-core1-20130411/

Original Source | Taken Source