
Multiple DataReference elements

From: David Montgomery <david.montgomery@entrust.com>
Date: Fri, 23 Mar 2001 10:49:02 -0500
Message-ID: <A0E1DEC54ED42F4884DD9EEA00ACE371AFF2EF@sottmxs08.entrust.com>
To: "'XML Encryption List'" <xml-encryption@w3.org>

"prop3" states that "Multiple DataReference elements can occur if multiple
EncryptedData elements exist that are encrypted by the same key".

The use of multiple DataReference elements allows the following flawed
relationship: Alice must encrypt EncryptedData-A and EncryptedData-B with
the same symmetric key, which is encrypted with Bob's public key in
EncryptedKey-Bob.  If Eve is a second recipient of EncryptedData-A, she
gains indirect access to EncryptedData-B, which Alice did not intend.  (Same
applies to KeyReferences.)

Although a similarly flawed linkage could be created also with
EncryptedKeyReferences or KeyRetrievalMethods instead of DataReferences, the
use of multiple DataReferences invites the application developer to create
it, by requiring re-use of encryption keys.

            +----------------------+
            | XML Document         |
            |   +------------+     |
 DataReference  | Encrypted  |  DataReference 
    +---<----<- |  Key-Bob   | --->---->--->---+
    |       |   +------------+     |           |
    |       |   +------------+     |  URI      |
    |       |   | Encrypted  | ---<----<----+  |
    |       |   |  Key-Eve   |     |        |  |
    |       |   +------------+     |        |  |
    |       |   +----------------+ |        |  |
    |       |   | Encrypted      | -->-->---+  |
    |       |   |  Data-A        | -<--<--<--<-+
    |       |   +----------------+ |
    |       |   +----------------+ |
    |       |   | Encrypted      | |
    +-->--->--->|  Data-B        | |
            |   +----------------+ |
            +----------------------+

Entrust Technologies Inc. We Bring Trust to e-Business
D.S. Montgomery, mailto:david.montgomery@entrust.com
Received on Friday, 23 March 2001 10:55:35 GMT
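
The linkage described in the message above can be checked mechanically before a document is released. The following Python sketch is an added example, not part of the original post or of "prop3"; the `Id`, `Recipient` and `URI` attribute layout and the sample document (which mirrors the diagram) are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample mirroring the diagram; the attribute layout is assumed.
SAMPLE = """<Document>
  <EncryptedKey Id="key-bob" Recipient="Bob">
    <DataReference URI="#data-a"/>
    <DataReference URI="#data-b"/>
  </EncryptedKey>
  <EncryptedKey Id="key-eve" Recipient="Eve"/>
  <EncryptedData Id="data-a"><EncryptedKeyReference URI="#key-eve"/></EncryptedData>
  <EncryptedData Id="data-b"/>
</Document>"""

def unintended_access(xml_text):
    """Return sorted (recipient, data_id) pairs readable only via a shared key."""
    root = ET.fromstring(xml_text)
    recipient = {k.get("Id"): k.get("Recipient") for k in root.iter("EncryptedKey")}
    links = defaultdict(set)      # undirected key<->data edges
    intended = defaultdict(set)   # recipient -> data ids linked to their own key
    def link(key_id, data_id):
        links[key_id].add(data_id)
        links[data_id].add(key_id)
        intended[recipient[key_id]].add(data_id)
    for key in root.iter("EncryptedKey"):
        for ref in key.iter("DataReference"):
            link(key.get("Id"), ref.get("URI").lstrip("#"))
    for data in root.iter("EncryptedData"):
        for ref in data.iter("EncryptedKeyReference"):
            link(ref.get("URI").lstrip("#"), data.get("Id"))
    findings = set()
    for key_id, who in recipient.items():
        # Everything connected to this key is protected by the same symmetric key.
        seen, stack = {key_id}, [key_id]
        while stack:
            for nxt in links[stack.pop()] - seen:
                seen.add(nxt)
                stack.append(nxt)
        for node in seen:
            if node not in recipient and node not in intended[who]:
                findings.add((who, node))
    return sorted(findings)

if __name__ == "__main__":
    for who, data_id in unintended_access(SAMPLE):
        print(f"{who} can decrypt {data_id} without being linked to it")
```

A non-empty result means some recipient holds a symmetric key that also protects data never addressed to them; giving each EncryptedData its own key makes the result empty.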
