W3C home > Mailing lists > Public > public-xmlsec@w3.org > June 2009

key encapsulation draft comments

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Mon, 22 Jun 2009 09:31:41 -0400
Message-Id: <BA3B03DD-3940-4D66-A13C-1622888C05FB@nokia.com>
To: XMLSec WG Public List <public-xmlsec@w3.org>
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>
Some initial comments on key encapsulation draft at http://www.w3.org/2008/xmlsec/Drafts/key-encapsulation/key-encapsulation.html


(1) I assume that the entire specification can be optional, so MUSTs  
only apply when adherence to the specification is claimed.

(2) I'm not sure why Key Transport is listed in  4.1 and suggest this  
be removed since no URI is being defined here. Use for Key Transport  
should be clear from used of EncryptedKey element, isn't that right?  
Likewise I'm not sure why we have section 4.4.1.

(3) The draft mentions "tight security proofs" but don't all modern  
security algorithms have definitions, assumptions and proofs? What is  
special in this case?  (I  think what is meant here is that the  
"definition" provides security for a combination of key encapsulation  
combined with subsequent encryption, thus addressing in a stronger way  
a requirement for that combination, and having a corresponding  
proof).  We might want a more explicit statement and/or reference to  
the proofs (actually that is in section 6, so maybe link to that  

(4) Is there another reference than ISO/IEC 18033-2 which requires a  
fee? This makes the material hard to review.


(1) Abstract, in "Generic hybrid ciphers allows for a consistent  
treatment of asymmetric ciphers when encrypting data and consists of a  
key encapsulation " change "allows" to "allow" and "consists" to  
"consist" to match plural

(2) Abstract, change "XML security" to "XML Security"

(3) Section 3, in "Generic hybrid ciphers allows" change "allows" to  

(4) The reference for ISO18033-2 does not lead to the document but  
rather the entire ISO site.

(5) In 4.3.2 link  ISO/IEC 18033-2 seems to be broken:

regards, Frederick

Frederick Hirsch
Received on Monday, 22 June 2009 13:32:35 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:55:11 UTC