- From: Ed Simon <ed.simon@entrust.com>
- Date: Thu, 11 Jan 2001 15:30:22 -0500
- To: "'xml-encryption@w3.org'" <xml-encryption@w3.org>
- Message-ID: <A0E1DEC54ED42F4884DD9EEA00ACE37106D0B0@sottmxs08.entrust.com>
As I understood things, Blair didn't say "if you want to encrypt an attribute, encrypt the element that contains it", I thought it was more along the lines of "if an existing XML system wants to use XML Encryption, it will need to modify schemas so that they recognize certain XML Encryption elements; if XML Encryption is to be introduced into a system where attributes contain sensitive data, then the schema, which has to updated anyway, should put that sensitive data in elements rather than attributes". (Blair, please let the list know if I've misinterpreted you.) But anyway, what is wrong with saying if you want to encrypt an attribute, encrypt the element that contains it? What's wrong is that the element and its contents and other attributes may contain information that is not sensitive and therefore does not need to be encrypted. By leaving that data unencrypted, applications which need it do not need to, unnecessarily, have access to decryption keys, which enhances overall security. XML Encryption is important not just for what it can encrypt, but for what it can leave unencrypted (tm-Ed Simon ;-}). If we resolve that there is a requirement to encrypt attribute values, to me the question comes down to whether Option 1: XML Encryption specifies a consistent, broadly applicable way of encrypting attributes OR Option 2: individual applications design their own way of encrypting attributes, eg. converting the attributes to child elements and encrypting those like regular elements; XML Encryption will not specifically cover attributes. I like option 1 because it means that any application that has access to the decryption keying material can reconstruct the plaintext original. Outside of the argument that there is no sufficient requirement to encrypt attribute values, It seems to me that all the arguments raised against option 1 apply equally to encrypt whole elements and element content as well. If so, then one would deduce that XML Encryption should really only cover the definition of the <DecryptionInfo> element. Seriously, if XML Encryption doesn't allow a plaintext original to be reconstructed from its ciphertext in a non-proprietary way, its usefulness seems very limited to me. Ed -----Original Message----- From: Thane Plambeck [mailto:tplambeck@verisign.com] Sent: Thursday, January 11, 2001 1:48 PM To: xml-encryption@w3.org Subject: RE: Attribute encryption & Blair's message What's wrong with saying if you want to encrypt an attribute, encrypt the element that contains it? I'm still waiting for a good example why the additional application complexity of selective encryption of attributes inside elements is needed; ie, I await an explicit response to the questions and response on this topic posed in Blair Dillaway's most recent message to this list. Thane Plambeck tplambeck@verisign.com http://www.verisign.com <http://www.verisign.com/> 650 429 5247 direct, Mt View Office 650 321 4884 home office 650 323 4928 home office fax
Received on Thursday, 11 January 2001 15:33:20 UTC