W3C home > Mailing lists > Public > xml-encryption@w3.org > January 2001

Integrity check

From: Sanjeev Hirve <shirve@cyberelan.com>
Date: Mon, 8 Jan 2001 15:41:08 -0500
Message-ID: <0de601c079b3$54a350f0$0800010a@cyberelan.com>
To: "xml-enc" <xml-encryption@w3.org>
Cc: "Raju Nadakaduty" <praju@cyberelan.com>, "Marcus A Cuda" <mcuda@cyberelan.com>, "Michael Sakhatsky" <msakhatsky@cyberelan.com>
I would like to propose introducing an optional integrity check in the XML encryption standard.
Specifically,
   an optional attribute or child element in DataReference and KeyReference.  The check can be the SHA-1 digest of the cleartext.
The checksum may be used in the following situation:
- the decrypting party does not have access to only part of the document
- it is considered too expensive to appy PK signatures on individual parts of the doc
- the party that can decrypt the encryption-key, does not have access to the encrypted data.  The party that has access to the encrypted data cannot decrypt the encryption-key.
This can provide a cheap and secure alternative to PK signatures, to protect against intentional tampering of the ciphertext.
regards
SSH
Received on Monday, 8 January 2001 15:37:30 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:18 GMT