W3C home > Mailing lists > Public > public-xmlsec@w3.org > December 2009

ISSUE-157 on Signature 1.1 Section 4.10, proposal, proposal, please review

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Fri, 4 Dec 2009 20:14:16 -0500
Message-Id: <EBA29AE1-AD41-46FA-A392-63F6D8F1F519@nokia.com>
To: XMLSec WG Public List <public-xmlsec@w3.org>
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>
new issue, ISSUE-157

section 4.10 The MgmtData Element
http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.htm#sec-MgmtData

  refers to non-existent XML Encryption WG with a place holder.

[[ The MgmtData element within KeyInfo is a string value used to  
convey in-band key distribution or agreement data. For example, DH key  
exchange, RSA key encryption, etc. Use of this element is NOT  
RECOMMENDED. It provides a syntactic hook where in-band key  
distribution or agreement data can be placed. However, superior  
interoperable child elements of KeyInfo for the transmission of  
encrypted keys and for key agreement are being specified by the W3C  
XML Encryption Working Group and they should be used instead of  
MgmtData. ]]

Maybe it is time we changed this :)

How about

[[ The MgmtData element within KeyInfo is a string value used to  
convey in-band key distribution or agreement data. Use of this element  
is NOT RECOMMENDED.
Key Transport algorithms conveyed as part of the ds:KeyInfo/ 
xenc:EncryptedKey element, as defined in the XML Encryption 1.1  
section on Key Transport, are to be used instead. ]]

Can we deprecate the element in this 1.1 release? Does the proposal  
make sense or did I misinterpret this?

regards, Frederick

Frederick Hirsch
Nokia
Received on Saturday, 5 December 2009 01:14:52 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:44:00 GMT