Re: Newer Nonce Proposal from Donald E. Eastlake 3rd on 2001-08-07 (xml-encryption@w3.org from August 2001)

From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
Date: Tue, 07 Aug 2001 09:32:58 -0400
To: Amir Herzberg <AMIR@newgenpay.com>
cc: "Xml Encrypt (E-mail)" <xml-encryption@w3.org>
Message-Id: <200108071332.JAA0000017003@torque.pothole.com>

What do you mean "attached to the plaintext"? If the plain text
application is aware of the problem and can change its schema, it's
simple enough for it to throw in an element or attribute with an
ignored string value. The only interesting case is where this was not
anticipated and you can't change the schema.  Unfortunately, it turns
out that adding miscellaneous new attributes or elements is prohibited
by default for both DTD and schema.  This always seemed like it would
be a problem for elements, which I think of as heavy weight ordered
object, but for a while we thought the default might be the other way
for attributes which, on average, I think of as lighter weight,
unordered objects subsidiary to an element.

Donald

From:  Amir Herzberg <AMIR@newgenpay.com>
Message-ID:  <078EE8822DCFD411AAA1000629D56ADC0B7E10@IMP01>
To:  "Xml Encrypt (E-mail)" <xml-encryption@w3.org>
Date:  Sun, 5 Aug 2001 12:38:02 +0300 

>Don says in his `newer nonce proposal` attached to his posting of Aug 2nd,
>http://lists.w3.org/Archives/Public/xml-encryption/2001Aug/0009.html: 
>
>> Note: Other possible syntaxes were considered. The problem with an
>xenc:Nonce attribute is that foreign 
>> namespace attributes are forbidden by default in Schema. Use of a new
>element would be even more 
>> problematic.
>
>I'm not sure why `a new element would be even more problematic`. I thought
>that the best solution was to define a simple <nonce> element that can be
>attached to the plaintext as see fit to the application. If encrypting an
>element without awareness of the application which created the element, it
>is easy to add the nonce element to the encrypted text. This appears to me
>much simpler than a PI. However, maybe you've already covered this option, I
>must admit not being able to fully follow all discussions lately. 
>
>Best regards, 
>Amir Herzberg
>CTO, NewGenPay Inc.  
>http://www.newgenpay.com/Amir/Herzberg.htm
>SMS (urgent only!): _subject_ of email to aherzberg@walla.co.il

Received on Thursday, 9 August 2001 06:42:14 UTC