RE: Signing and Encryption

> I think this only works when the signature/encryption is of the same
> granularity, right? What happens if you want to encrypt children of the
> element signed? You would revert to having to validate the parent element,
> then try validate it under all permutations of its children decrypted I think.
>
Ah, Good point. I forgot about that in trying to create a simple solution.

Given the possibilities I think one needs some sort of "road map" to understand
how to proceed, since the relationship between signatures and encryption can be
arbitrary from a user workflow viewpoint (especially with detached signatures -
you may not even know where the signatures are). Parts can be signed, parts can
be encrypted, such steps can occur repeatedly and independently based on user
workflow and requirements.

I doubt a single default processing rule can handle it, so I think some
additional information is needed - either known to the applications out of band,
or embedded as meta information with the resultant document.

Of course this does not even take into account the previous discussion of
security implications of signing and encryption combinations.

< Frederick


> -----Original Message-----
> From: Joseph M. Reagle Jr. [mailto:reagle@w3.org]
> Sent: Wednesday, January 31, 2001 3:13 PM
> To: Frederick J. Hirsch
> Cc: xml-encryption@w3.org; Frederick Hirsch
> Subject: Re: Signing and Encryption
>
>
> At 13:08 1/22/2001 -0500, Frederick J. Hirsch wrote:
> >4. Assume party C receives the document with the encrypted element and the
> >signature and wishes to verify the signature. The reference is valid since
> >the
> >encrypted element has the "a" Id, so the signature could be over the
> >encrypted
> >element or over the unencrypted element. One approach would be to attempt
> >verify
> >the signature with the reference to the encrypted element - this is the
> >correct
> >behaviour since this is what the reference refers to. If it fails, the
> >verifier
> >could detect that the element was encrypted, decrypt it, and try again.
>
> Hi Fred,
>
> I think this only works when the signature/encryption is of the same
> granularity, right? What happens if you want to encrypt children of the
> element signed? You would revert to having to validate the parent element,
> then try validate it under all permutations of its children decrypted I think.
>
>
> __
> Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
> W3C Policy Analyst                mailto:reagle@w3.org
> IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
> W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
>
>

Received on Wednesday, 31 January 2001 15:29:12 UTC