W3C home > Mailing lists > Public > xml-encryption@w3.org > January 2001

Re: Signing and Encryption

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Wed, 31 Jan 2001 15:13:24 -0500
Message-Id: <4.3.2.7.2.20010131151147.02014f08@rpcp.mit.edu>
To: "Frederick J. Hirsch" <hirsch@caveosystems.com>
Cc: <xml-encryption@w3.org>, "Frederick Hirsch" <hirsch@caveosystems.com>
At 13:08 1/22/2001 -0500, Frederick J. Hirsch wrote:
>4. Assume party C receives the document with the encrypted element and the
>signature and wishes to verify the signature. The reference is valid since 
>the
>encrypted element has the "a" Id, so the signature could be over the 
>encrypted
>element or over the unencrypted element. One approach would be to attempt 
>verify
>the signature with the reference to the encrypted element - this is the 
>correct
>behaviour since this is what the reference refers to. If it fails, the 
>verifier
>could detect that the element was encrypted, decrypt it, and try again.

Hi Fred,

I think this only works when the signature/encryption is of the same 
granularity, right? What happens if you want to encrypt children of the 
element signed? You would revert to having to validate the parent element, 
then try validate it under all permutations of its children decrypted I think.


__
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
Received on Wednesday, 31 January 2001 15:13:32 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:18 GMT