XML Encryption 1.1 is a candidate recommendation

The XML Security Working Group has published the Candidate Recommendation for XML Encryption Syntax and Processing 1.1. The most important update in this version addresses the recently published chosen-ciphertext attacks against the CBC class of algorithms. In addition, AES-128-GCM is now a required algorithm. AES-GCM is an authenticated encryption algorithm and provides both authentication and privacy. RSA-OAEP, a key transport algorithm, now offers more algorithm variants. The other updates were more or less polishing for the final recommendation.

The other updated recommendation is XML Encryption 1.1 CipherReference Processing using 2.0 Transforms, now a candidate recommendation too. This rather short document (for a W3C recommendation!) specifies how the XML Signature 2.0 transform model may be used with XML Encryption 1.1 for CipherReference processing.