W3C home > Mailing lists > Public > public-xmlsec@w3.org > January 2012

Re: Confusing schema fragment in Encryption 1.1

From: <Frederick.Hirsch@nokia.com>
Date: Mon, 16 Jan 2012 15:58:45 +0000
To: <cantor.2@osu.edu>
CC: <Frederick.Hirsch@nokia.com>, <eb2m-mrt@asahi-net.or.jp>, <public-xmlsec@w3.org>
Message-ID: <C2D86F53-899E-46B0-9F27-7F913CCD07F8@nokia.com>
Scott, Makoto

I think what you are suggesting is that we change the example in 5.5.2, http://www.w3.org/TR/2012/WD-xmlenc-core1-20120105/#sec-RSA-OAEP :


<EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep">
  <OAEPparams>9lWu3Q==</OAEPparams>
  <xenc11:MGF Algorithm="http://www.w3.org/2001/04/xmlenc#MGF1withSHA1" />
  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<EncryptionMethod>

to put explicit namespace prefixes on the elements, e.g. xenc:EncryptionMethod, xenc:OAEPparams .

Is this what you are saying?

I don't think there is a problem with the xenc 1.1 schema file itself, as MGF is defined as a stand-alone type in the xenc11 namespace.  Do you see a problem with the 1.1 schema file (attached)?

The document also highlights the schema definition in 5.5.2:


Schema Definition:
    <!-- use these element types as children of EncryptionMethod
      when used with RSA-OAEP -->
    <element name="OAEPparams" minOccurs="0" type="base64Binary"/>
    <element ref="ds:DigestMethod" minOccurs="0"/>
    <element name="MGF" type="xenc11:MGFType"/>
    <complexType name="MGFType">
      <complexContent>
        <restriction base="xenc11:AlgorithmIdentifierType">
          <attribute name="Algorithm" type="anyURI" use="required" />
        </restriction>
      </complexContent>
    </complexType>

Not sure any change is needed here, other than perhaps a note in the comment that EncryptionMethod is defined in the xenc namespace.


regards, Frederick

Frederick Hirsch
Nokia



On Jan 11, 2012, at 10:48 PM, ext Cantor, Scott wrote:

On 1/11/12 8:57 PM, "MURATA Makoto" <eb2m-mrt@asahi-net.or.jp<mailto:eb2m-mrt@asahi-net.or.jp>> wrote:

The reader is likely to assume that they belong to the same schema
and thus the same namespaces.  However, OAEPparams belongs to
the namespace for XML Encryption 1.0, while MGF belongs to that
for 1.1

It should be made clear that these two declarations occur in different
schemas.

It's actually not confusing, but *wrong*, I believe. If it's meant to be
reusing the old element from the original OAEP algorithm and if the
default namespace in effect for the new 1.1 schema is the 1.1 namespace,
the old element has to be qualified when referenced in the new schema.
They both can't be unqualified/defaulted.

-- Scott






Received on Monday, 16 January 2012 15:59:38 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 16 January 2012 15:59:38 GMT