W3C home > Mailing lists > Public > xml-dist-app@w3.org > January 2002

RE: Encryption and the processing model

From: David Orchard <david.orchard@bea.com>
Date: Thu, 10 Jan 2002 18:10:38 -0800
To: "'Mark Baker'" <distobj@acm.org>
Cc: "'Rich Salz'" <rsalz@zolera.com>, <xml-dist-app@w3.org>
Message-ID: <01ce01c19a45$2a82f150$180ba8c0@beasys.com>
> > I'm not sure what the right way to design this would be.
> You could encrypt
> > the entire header element.  Then when it's decrypted,
> whoever decrypted it
> > could see the actor, plus whatever else is in the header.
> Unless we allow
> > nested encryption, which makes my brain hurt even more.
> >
> > I see a rat's nest ahead as we tumble down the slippery slope.
> You and your slippery slopes. 8-)

I know, I'm on a slippery slope of seeing slippery slopes :-)  I think I
should go snowboarding or something with all the slopes.

> > I really believe we need more use cases on these various
> types.  Oh wait,
> > I'm supposed to write use cases.
> Sure, those would help.
> I'm thinking that we need to require that the root element of each
> header block be unencrypted.  In other words, the header "name"
> and qualifiers (actor, mustUnderstand) MUST be visible.  But the
> header "value" (block content) should be able to be encrypted.
> I think this is the minimum that should be done to ensure that
> encryption doesn't mess with the processing model.

I think I agree with this.  How/where should this be written up?

Received on Thursday, 10 January 2002 21:14:08 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 22:01:18 UTC