
Re: Rewrite of Encryption, 5.6, first paragraph (ISSUE-99; ACTION-292)

From: Sean Mullan <Sean.Mullan@Sun.COM>
Date: Wed, 20 May 2009 08:31:55 -0400
To: Thomas Roessler <tlr@w3.org>
Cc: XMLSec WG Public List <public-xmlsec@w3.org>
Message-id: <4A13F83B.6000207@sun.com>

Thomas Roessler wrote:
> Current text:
> 
>> Symmetric Key Wrap algorithms are shared secret key encryption 
>> algorithms especially specified for encrypting and decrypting 
>> symmetric keys. Their identifiers appear as Algorithm attribute values 
>> to EncryptionMethod elements that are children of EncryptedKey which 
>> is in turn a child of ds:KeyInfo which is in turn a child of 
>> EncryptedData or another EncryptedKey. The type of the key being 
>> wrapped is indicated by the Algorithm attribute of the EncryptionMethod 
>> child of the parent of the ds:KeyInfo grandparent of the 
>> EncryptionMethod specifying the symmetric key wrap algorithm.
> 
> First, here's how I read this:
> 
>     <EncryptedData|EncryptedKey>
>         <EncryptionMethod Algorithm="@alg1"/>
>         <ds:KeyInfo>
>             <EncryptedKey>
>                 <EncryptionMethod Algorithm="@alg2"/>
> 
> @alg1 is the algorithm for which the encrypted key is used.  @alg2 is 
> the algorithm that's used to encrypt the key.  If this reading of the 
> text is wrong, then scream right now, because what follows will be wrong.
> 
> 
> Proposed replacement:
> 
>> Symmetric Key Wrap algorithms are shared secret key encryption 
>> algorithms especially specified for encrypting and decrypting 
>> symmetric keys.  When wrapped keys are used, then an EncryptedKey 
>> element will appear as a child of a ds:KeyInfo element.  This 
>> EncryptedKey element will have an EncryptionMethod child whose 
>> Algorithm attribute in turn identifies the key warp algorithm.

s/warp/wrap

>>
>> The algorithm for which the encrypted key is intended depends on the 
>> context of the ds:KeyInfo element:  ds:KeyInfo can occur as a child of 
>> either an EncryptedData or EncryptedKey element; in both cases, 
>> ds:KeyInfo will have an EncryptionMethod sibling that identifies the 
>> algorithm.
>>
>> Example:
>>
>> ...
> 
> -- 
> Thomas Roessler, W3C  <tlr@w3.org>
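The resolution rule discussed above (an EncryptedKey's own EncryptionMethod names the wrap algorithm; the EncryptionMethod sibling of the enclosing ds:KeyInfo names the algorithm the wrapped key is intended for) can be checked mechanically. The following is an added example written for this archive page, not code from the working group or the XML Encryption specification. It builds a constructed EncryptedData document with a nested EncryptedKey (a data key wrapped with AES key wrap, whose key-encryption key is itself wrapped), then walks the tree and reports, for each EncryptedKey, the wrap algorithm and the intended-use algorithm. The CipherValue contents are placeholders; the namespace URIs and algorithm identifiers are the standard XML Encryption ones.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample (not from the spec): an AES-128-CBC data key (ek1) wrapped
# with kw-aes128, and that key-encryption key (ek2) in turn wrapped with
# kw-aes256. CipherValue payloads are placeholders, not real ciphertext.
SAMPLE = f"""
<xenc:EncryptedData xmlns:xenc="{XENC}" xmlns:ds="{DS}" Id="ed1">
  <xenc:EncryptionMethod Algorithm="{XENC}aes128-cbc"/>
  <ds:KeyInfo>
    <xenc:EncryptedKey Id="ek1">
      <xenc:EncryptionMethod Algorithm="{XENC}kw-aes128"/>
      <ds:KeyInfo>
        <xenc:EncryptedKey Id="ek2">
          <xenc:EncryptionMethod Algorithm="{XENC}kw-aes256"/>
          <xenc:CipherData><xenc:CipherValue>PLACEHOLDER</xenc:CipherValue></xenc:CipherData>
        </xenc:EncryptedKey>
      </ds:KeyInfo>
      <xenc:CipherData><xenc:CipherValue>PLACEHOLDER</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedKey>
  </ds:KeyInfo>
  <xenc:CipherData><xenc:CipherValue>PLACEHOLDER</xenc:CipherValue></xenc:CipherData>
</xenc:EncryptedData>
"""


def _tag(ns, local):
    """Clark-notation tag name used by ElementTree."""
    return "{%s}%s" % (ns, local)


def _algorithm_of(element):
    """Return the Algorithm attribute of element's EncryptionMethod child, or None."""
    if element is None:
        return None
    em = element.find(_tag(XENC, "EncryptionMethod"))
    return em.get("Algorithm") if em is not None else None


def resolve_key_wraps(xml_text):
    """Map each EncryptedKey Id to (wrap_algorithm, intended_algorithm).

    wrap_algorithm: the EncryptedKey's own EncryptionMethod/@Algorithm.
    intended_algorithm: the EncryptionMethod/@Algorithm that is a sibling of the
    ds:KeyInfo containing this EncryptedKey, i.e. the algorithm of the parent
    EncryptedData or EncryptedKey. None when the EncryptedKey is not inside a
    ds:KeyInfo (a top-level EncryptedKey carries no such context).
    """
    root = ET.fromstring(xml_text)
    # ElementTree has no parent pointers, so build a child -> parent map once.
    parent = {child: p for p in root.iter() for child in p}
    result = {}
    for ek in root.iter(_tag(XENC, "EncryptedKey")):
        wrap_alg = _algorithm_of(ek)
        keyinfo = parent.get(ek)
        if keyinfo is None or keyinfo.tag != _tag(DS, "KeyInfo"):
            intended = None
        else:
            intended = _algorithm_of(parent.get(keyinfo))
        result[ek.get("Id")] = (wrap_alg, intended)
    return result


if __name__ == "__main__":
    for key_id, (wrap_alg, intended) in resolve_key_wraps(SAMPLE).items():
        print("%s: wrapped with %s, intended for %s" % (key_id, wrap_alg, intended))
```

Running the block prints two lines: ek1 is wrapped with kw-aes128 and intended for aes128-cbc; ek2 is wrapped with kw-aes256 and intended for kw-aes128. The second line is the nested case the original paragraph's "parent of the ds:KeyInfo grandparent" wording was trying to describe, and it follows from the same two-step lookup as the first.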
Received on Wednesday, 20 May 2009 12:32:32 GMT
