W3C home > Mailing lists > Public > xml-encryption@w3.org > October 2000

comments on "Note on XML Encryption"

From: Blair Dillaway <blaird@microsoft.com>
Date: Thu, 26 Oct 2000 16:10:43 -0700
Message-ID: <AA19CFCE90F52E4B942B27D42349637921F7E5@red-msg-01.redmond.corp.microsoft.com>
To: "'xml-encryption@w3.org'" <xml-encryption@w3.org>
Cc: Brian LaMacchia <bal@microsoft.com>, Barb Fox <bfox@exchange.microsoft.com>
(the following represents the combined comments of Blair Dillaway, Barb Fox,
and Brian LaMacchia)

Below are several comments in response to the earlier posting of "Note on
XML Encryption" from Takeshi Imamura and Hiroshi Maruyama.  That document is
a reasonable starting point, but we'd like to raise some issues that should
be addressed by the working group.  Looking forward to the meeting next
week.

1. This approach tries to reuse the same mechanisms for both data encryption
and key transport Specifically, the encoding of an  
	   <EncryptedData>
		<EncryptionInfo>
			<KeyInfo>
 			 <EncryptionMethod>
		.....
element structure inside of an <EncryptionInfo><KeyInfo> to handle symmetric
key wrapping using a public key.  We fail to see the benefit of this deeply
nested structure and reuse of tags with different meanings.  A simpler
structure, that makes it clear this is key transport information, seems like
a better choice.  Such a structure, as an immediate child of the
<EncryptionInfo>, might look like
 	  <EncryptionKey>
		<KeyInfo>
			<!-- asymmetric public key >>
		</KeyInfo>
		<EncryptionMethod> ...
		<EncryptedData> ...
	  ...


2. The design separates out encryption KeyInfo, KeyAgreement, and KeySharing
as distinct mechanisms for transmitting information about a symmetric
encryption key.  These are simply options as to how keying information may
be communicated.  To align more cleanly with DSig, these should be unified
into a single mechanism.  In addition, use of this mechanism should be
optional, i.e., the symmetric key may be implied.  Key sharing using a name
key might look like:
   <EncryptionInfo>
	<EncryptionKey>
		<KeyName>foo</KeyName>
	</EncryptionKey>
   ...
Key transport as above, etc.  (Note: The <KeySharing> tag defined in the
Note has no examples of its use )

3. We disagree that encryption meta-data should be an integral part of the
EncryptionInfo.  As the document states, this information varies by
context/application so we can't define any standard structure for this
information.  Some applications may also want to encrypt this meta-data.  We
feel this will be easier if it is a separate XML 'blob' left to the
discretion of the using application.

4. We believe that there's a need to support References from the
EncryptionInfo to the EncryptedData  elements as well as from the
EncryptedData to the EncryptionInfo as indicated in the Note.  What isn't
clear is whether the authors believe both types of references are optional.
We believe they should be.

5. We disagree with the proposed algorithms.  The mandatory algorithm set
should avoid any potential IP encumberences and hence, we suggest that
Diffie-Hellman be dropped.  We would like to see triple-DES and RSA as
recommended and AES mandatory.  

6. It's not clear how one would use the proposed design to handle encryption
to multiple recipients.  We will need to decide how to indicate the
appropriate EncryptionInfo for each recipient, shared use of a single
EncryptionInfo, and so forth.

7. We'd like to see explicit linkage between use of asymmetric keys in
support of encryption and the XML DSig work.  Specifically, we should re-use
the DSig <KeyInfo> definition, rather than creating a new one, when we need
to express asymmetric key information.

Regards,
Blair
Received on Thursday, 26 October 2000 19:11:41 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:17 GMT