W3C home > Mailing lists > Public > xml-encryption@w3.org > September 2000

RE: Initialization Vector

From: Philip Hallam-Baker <pbaker@verisign.com>
Date: Mon, 11 Sep 2000 08:03:19 -0700
Message-ID: <2F3EC696EAEED311BB2D009027C3F4F408EC16@vhqpostal.verisign.com>
To: "'Hiroshi Maruyama'" <MARUYAMA@jp.ibm.com>, Ed Simon <ed.simon@entrust.com>
Cc: Public XML Encryption List <xml-encryption@w3.org>
Managing separate IVs for every encrypted node may get tiresome.

Since every ciphertext stream needs an IV why not simply prefix it to
the ciphertext? That way the temptation to 'reuse' IVs is avoided and
the IV is always in the same place as the ciphertext.

I am thinking of a bunch of 'content management' type possibilities.
Consider the case where we have a detached decryption blob. One blob
might map to a hundred ciphertext streams. If the IV is packaged with
the decryption blob I have to compile the crypto manifest in advance -
bad plan for streaming video. If on the other hand the IV is packaged
with the ciphertext I don't need any additional info.

		Phill

> -----Original Message-----
> From: Hiroshi Maruyama [mailto:MARUYAMA@jp.ibm.com]
> Sent: Sunday, September 10, 2000 9:06 PM
> To: Ed Simon
> Cc: Public XML Encryption List
> Subject: Initialization Vector
> 
> 
> 
> 
> Ed,
> I think you are working on the syntax of encrypted contents.
> One thing that I have noticed is that, if we want to separate
> EncryptionInfo and EncryptedNode (whatever name
> we choose :-)) so that the same key can be shared with
> multiple contents, we need to include an initialization vector
> for each EncryptedNode, as in
> 
>   <EncryptedNode
>       NodeType="Element"
>       EncryptionInfo="URL to key"
>       IV="Base64-encoded IV">
> 
> because otherwise one may know whether two encrypted nodes
> have the same prefix.
> 
> Hiroshi
> 
> --
> Hiroshi Maruyama
> Manager, Internet Technology, Tokyo Research Laboratory
> +81-46-215-4576
> maruyama@jp.ibm.com
> 
> 

Received on Monday, 11 September 2000 11:04:33 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:17 GMT