- From: Jim Schaad <jimsch5@home.com>
- Date: Thu, 15 Mar 2001 15:48:40 -0800
- To: "'Xml-Encryption \(E-mail\)" <xml-encryption@w3.org>
I read the minutes on the FTF and noted that there was no understanding of why this was placed in the proposal document. This item was placed in the document under the assumption that there will be a desired to encrypt material to a password rather than to a PKI object. We have gotten several comments in the S/MIME working group about this lack in the CMS document and there are a couple of proposals on how to do this currently before the group. The concept is that you want to encrypt and save some data to a file, and you don't want to do some major PKI type code to do the encryption. This algorithm type would allow for an application to retrieve a password phrase from the user, this pass phrase is then crunched into a key and this key is used to encrypt the data in the XML structure. This type of ability matches much of today's internet structure where a user name and a password is entered to get access to a piece of data. I don't really care if this is kept or not I just though that I would clarify why it was in the original proposal. jim
Received on Thursday, 15 March 2001 18:46:40 UTC