W3C home > Mailing lists > Public > xml-encryption@w3.org > December 2000

RE: Encrypting entire documents in XML Proposal?

From: Philip Hallam-Baker <pbaker@verisign.com>
Date: Thu, 21 Dec 2000 11:52:59 -0800
Message-ID: <2F3EC696EAEED311BB2D009027C3F4F40154C74D@vhqpostal.verisign.com>
To: "'Ed Simon'" <ed.simon@entrust.com>, "'xml-encryption@w3.org'" <xml-encryption@w3.org>
The point at which confusion is likely to arrise in implementations is
whether an 'entire XML document' encrypted should or should not have the
prologue under the encryption.
It is arguable that a 'whole document encrypted' should have two prologues.
The first would be for the encryption data, the sencond encrypted inside the
encryption data.
I doubt it will make a huge difference except to cause implementations to
fail to interoperate so it is important that the spec be very clear on the
choice made but probably not that important as to what is chosen.
Probably the way to make a choice on the matter is to consider whther an
XML2.0 document could be encrypted using an XML 1.0 encryption toolset...
argues for 2 prologues??

-----Original Message-----
From: Ed Simon [mailto:ed.simon@entrust.com]
Sent: Thursday, December 21, 2000 2:04 PM
To: 'xml-encryption@w3.org'
Subject: RE: Encrypting entire documents in XML Proposal?

It is true that well-formed documents require a prologue but it is 
also true that the prologue may be empty.  In other words, 

<?xml version="1.0" encoding="UTF-16"?> 

is well-formed but so is 


In both cases, if encrypting the entire XML instance, one 
would end up with 

<EncryptedData Type="Document" 

which is also a well-formed document which has an empty prologue and 
is therefore, by default, UTF-8 and version 1.0. 

A question which remains to be answered is whether this model 
stands the test of various character encodings.  I believe 
Hiroshi and Takeshi feel that various character encodings could 
cause problems (Hiroshi and Takeshi, please correct me if I 
misunderstand).  As for me, I expect that there could be a 
problem here, but I don't want to introduce a requirement for 
canonicalization unless I see proof of it.  

-----Original Message----- 
From: Thane Plambeck [ mailto:tplambeck@verisign.com
<mailto:tplambeck@verisign.com> ] 
Sent: Thursday, December 21, 2000 12:57 PM 
To: 'xml-encryption@w3.org' 
Subject: FW: Encrypting entire documents in XML Proposal? 

In section 5.7 of this doc (encrypting an entire XML document) 
perhaps the prologue should not be encrypted?  At least we perserve 
well-formedness then for entire documents. 

I realize that encrypting just the root element and not the prologue 
is already covered by the case of encrypting an entire element. 
So I guess the question is, should XML Encryption really say anything 
about encrypting entire documents, including the prologue?  If it does 
then we are left with the consequence of XML Document encryption leaving 
us with non-well formed XML, which requires a prologue.  


Thane Plambeck 
http://www.verisign.com <http://www.verisign.com>  
650 429 5247 direct, Mt View Office 
650 321 4884 home office 
650 323 4928 home office fax 

-----Original Message----- 
From: Blair Dillaway [ mailto:blaird@microsoft.com
<mailto:blaird@microsoft.com> ] 
Sent: Friday, December 15, 2000 2:41 PM 
To: xml-encryption@w3.org 
Cc: Hiroshi Maruyama; Brian LaMacchia; Barb Fox; 'Ed Simon'; 'Takeshi 
Imamura'; jimsch@nwlink.com 
Subject: Proposal for XML Encryption Syntax and Processing 

We respectfully submit the attached specification 
as a suggested starting point for the XML Encryption Working 
Group effort.  This work builds on earlier papers and 
on-going discussions. 

We look forward to comments and continuing discussions 
to resolve the open issues identified in this document. 

Blair Dillaway, Barbara Fox, Takeshi Imamura, 
Brian LaMacchia, Hiroshi Maruyama, Jim Schaad, 
Ed Simon 
Received on Thursday, 21 December 2000 14:53:02 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:31:59 UTC