RE: HW Support and XML Encryption Requirements

I'm not sure that I think this is a good concept to add to the syntax.
There are other items that will impact this besides the IV.  There are other
algorithms which have different parameters which are "generated" by the
hardware that we are not placing next to the encrypted data.  An example
would be the Y value for a D-H key agreement.

Parameters such as the IV are parameters of the algorithm and not parameters
of the encrypted data.  As such they should be placed in the algorithm
description.

If you really desire that the IV be "next" to the encrypted data then the
algorithm design should be such that no independent IV exists as an algorithm
parameter and the algorithm is specified to say that the first n bytes
(where n is the block size) are to be randomly generated.  Thus the "IV" is
all zeros and the first block of data is random and removed at decryption
time.

jim

-----Original Message-----
From: xml-encryption-request@w3.org
[mailto:xml-encryption-request@w3.org]On Behalf Of Joseph M. Reagle Jr.
Sent: Wednesday, February 21, 2001 11:25 AM
To: Paul Lambert
Cc: XML Encryption WG
Subject: Re: HW Support and XML Encryption Requirements


At 14:45 2/16/2001 -0800, Paul Lambert wrote:
>4.0 The encryption and XML processing should be
>    - support the use of hardware implementation of the encryption
> processing

I've added that under the security section.

>Hardware considerations introduce design considerations that impact the
>syntax.  For example, the current draft proposal places cryptographic
>initialization information early in the header:
>
><xenc:EncryptedData
>xmlns:xenc='http://www.w3.org/2000/11/temp-xmlenc'>
>
>   <xenc:EncryptionMethod xenc:Algorithm="urn:nist-gov:tripledes-ede-cbc">
>     <s0:IV xmlns:s0='http://somens'>ABCD</s0:IV>
>     .... etc ....
>
>It is "best" to have hardware directly support the creation of the
>initialization information required for encryption transforms
>(IV).  Ideally, the IV should be directly in front of the cipher text to
>support the tight integration of the generation of the IV with the
>cryptographic process.

This is a good point, but how would one meet this requirement? I expect that
in addition to providing the IV in the encryption syntax itself it would be
fed as a parameter to the encryption algorithm?


__
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Received on Thursday, 22 February 2001 18:18:24 UTC
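
The alternative described in the reply at the top of this message (an all-zero IV, with a randomly generated first block that is discarded at decryption), as an added example that is not part of the original thread. The 8-byte Feistel cipher built from HMAC-SHA256 is a constructed stand-in for triple-DES so the block runs with the standard library only, and all function names are hypothetical.

```python
import hashlib, hmac, os

BLOCK = 8                 # triple-DES block size, as in the quoted draft
ZERO_IV = bytes(BLOCK)    # the fixed all-zero "IV" from the proposal

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):   # round function of the stand-in Feistel cipher
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]

def enc_block(key, blk):  # constructed stand-in for one 3DES block encryption
    l, r = blk[:4], blk[4:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def dec_block(key, blk):
    l, r = blk[:4], blk[4:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def cbc_encrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = enc_block(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        out.append(_xor(dec_block(key, data[i:i + BLOCK]), prev))
        prev = data[i:i + BLOCK]
    return b"".join(out)

def pad(data):            # PKCS#7-style padding to a whole number of blocks
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def encrypt_random_first_block(key, plaintext, rand=None):
    rand = os.urandom(BLOCK) if rand is None else rand
    # Random block travels inside the ciphertext; no IV element is needed.
    return cbc_encrypt(key, ZERO_IV, rand + pad(plaintext))

def decrypt_random_first_block(key, ciphertext):
    clear = cbc_decrypt(key, ZERO_IV, ciphertext)[BLOCK:]  # drop random block
    return clear[:-clear[-1]]                              # strip padding
```

The first ciphertext block is the encryption of the random block and acts as the CBC IV for every block after it, so the receiver needs no separate IV parameter in the algorithm description.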