DigestMethod and DigestData

From: Frederick J. Hirsch <hirsch@zolera.com>
Date: Mon, 25 Jun 2001 13:51:43 -0400
To: <xml-encryption@w3.org>
Message-ID: <NEBBLPMKCKBLFHBJIHPCEECGDBAA.hirsch@zolera.com>
The XML Encryption document specifies that DigestMethod and DigestData may be specified within the CipherData element to provide integrity.
http://www.w3.org/Encryption/2001/Drafts/xmlenc-core/#sec-CipherData

I assume the same result could be achieved by not including these elements, but using an XML Signature on the content to be encrypted, and then encrypting both the content and the signature. This would have the additional cost of maintaining the keys for signing and implementing XML signatures. It would have the benefit of providing stronger integrity than a simple hash.

I propose we leave this up to the application rather than defining the digest elements as part of CipherData.

Alternatively, we can leave the optional DigestMethod, DigestData elements in the schema but suggest that stronger (source) integrity be obtained with a signature.

< Frederick

hirsch@zolera.com
Received on Monday, 25 June 2001 13:48:34 GMT