W3C home > Mailing lists > Public > xml-encryption@w3.org > July 2001

Re: Decryption Transform

From: Joe Meadows <joe.meadows@boeing.com>
Date: Tue, 03 Jul 2001 14:35:34 -0700
Message-Id: <3B423AA6.E336A93@boeing.com>
To: "Joseph M. Reagle Jr." <reagle@w3.org>
CC: John Cowan <cowan@mercury.ccil.org>, John Cowan <jcowan@reutershealth.com>, imamu@jp.ibm.com, maruyama@jp.ibm.com, xml-encryption@w3.org
At 22:17 7/2/2001, John Cowan wrote:
>I am arguing that the whole verify-decrypt-verify scenario is bad practice:
>it comes about only if people sign encrypted material, *which they should
>never do*.  We may need it nonetheless to compensate for pre-existing
>bad practice.

I'd also disagree with this. I can imagine encrypting a document, sending it
to a second party, having them sign the encrypted document, and pass it on to
a third party. Seems like there were some sensible non-repudiation schemes built
on this sort of logic in the past (the intermediate party doesn't know what I
but given appropriate plain text or keys, can verify later if a contract dispute
comes up). I realize I'm being light on details - blame it on really sunny
in the pacific northwest [it's oh so unusual!]..

Received on Tuesday, 3 July 2001 17:35:50 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:32:00 UTC