"prop3" states that "Multiple DataReference elements can occur if multiple EncryptedData elements exist that are encrypted by the same key". The use of multiple DataReference elements allows the following flawed relationship; Alice must encrypt EncryptedData-A and EncryptedData-B with the same symmetric key, which is encrypted with Bob's public key in EncryptedKey-Bob. If Eve is a second recipient of EncryptedData-A, she gains indirect access to EncryptedData-B, which Alice did not intend. (Same applies to KeyReferences.) Although a similarly flawed linkage could be created also with EncryptedKeyReferences or KeyRetrievalMethods instead of DataReferences, the use of multiple DataReferences invites the application developer to create it, by requiring re-use of encryption keys. +----------------------+ | XML Document | | +------------+ | DataReference | Encrypted | DataReference +---<----<- | Key-Bob | --->---->--->---+ | | +------------+ | | | | +------------+ | URI | | | | Encrypted | ---<----<----+ | | | | Key-Eve | | | | | | +------------+ | | | | | +----------------+ | | | | | | Encrypted | -->-->---+ | | | | Data-A | -<--<--<--<-+ | | +----------------+ | | | +----------------+ | | | | Encrypted | | +-->--->--->| Data-B | | | +----------------+ | +----------------------+ Entrust Technologies Inc. We Bring Trust to e-Business D.S. Montgomery, mailto:david.montgomery@entrust.comReceived on Friday, 23 March 2001 10:55:35 GMT
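An added example, not part of the original message: an audit check that finds the linkage described above by grouping EncryptedKey elements that must wrap the same symmetric key and reporting data a recipient can decrypt without being referenced to it. It assumes same-document references written as ReferenceList/DataReference with a Recipient attribute (the syntax of the final XML Encryption recommendation, not necessarily the draft under discussion); the sample document and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

XENC = "{http://www.w3.org/2001/04/xmlenc#}"

# Constructed sample mirroring the diagram; CipherData is omitted for brevity.
SAMPLE = """<Doc xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  <xenc:EncryptedKey Recipient="Bob"><xenc:ReferenceList>
    <xenc:DataReference URI="#Data-A"/><xenc:DataReference URI="#Data-B"/>
  </xenc:ReferenceList></xenc:EncryptedKey>
  <xenc:EncryptedKey Recipient="Eve"><xenc:ReferenceList>
    <xenc:DataReference URI="#Data-A"/>
  </xenc:ReferenceList></xenc:EncryptedKey>
  <xenc:EncryptedData Id="Data-A"/><xenc:EncryptedData Id="Data-B"/>
</Doc>"""

def unintended_access(xml_text):
    """Return sorted (recipient, data_id) pairs: decryptable but never referenced."""
    root = ET.fromstring(xml_text)
    keys = []  # one (recipient, referenced data ids) entry per EncryptedKey
    for ek in root.iter(XENC + "EncryptedKey"):
        refs = {r.get("URI")[1:] for r in ek.iter(XENC + "DataReference")
                if r.get("URI", "").startswith("#")}
        keys.append((ek.get("Recipient", "?"), refs))

    parent = list(range(len(keys)))  # union-find over EncryptedKey indices
    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    first_seen = {}  # data id -> first EncryptedKey that referenced it
    for i, (_, refs) in enumerate(keys):
        for d in refs:
            # Keys that reference the same EncryptedData wrap the same symmetric key.
            parent[find(i)] = find(first_seen.setdefault(d, i))

    reach = defaultdict(set)  # data ids decryptable with each distinct symmetric key
    for i, (_, refs) in enumerate(keys):
        reach[find(i)] |= refs
    return sorted((rcpt, d) for i, (rcpt, refs) in enumerate(keys)
                  for d in reach[find(i)] - refs)

if __name__ == "__main__":
    for rcpt, data_id in unintended_access(SAMPLE):
        print(f"{rcpt} can decrypt {data_id} without being referenced to it")
```

An empty result means no recipient's key transitively unlocks data it was not referenced to, which is what results when each EncryptedData shared with a different recipient set gets its own symmetric key.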