RE: Early Draft Algorithms Section (also: renaming HashOfRandomized)

Don said, 

> I think the desired integrity properties are obtained if the 
> hash is over the plaintext regardless of whether that hash is 
> then encrypted along with the plain text or left unencrypted. 

Correct. But it is important to allow the result of the hash to be left
unencrypted, in order to allow the verification to be applied to the
plaintext.

>  In this case having the DigestMethod be an orthogonal choice 
> to the EncryptionMethod seems like a good idea. 

Agreed! 

> I'm not sure 
> if the DigestMethod and DigestValue elements should be inside 
> CipherData or at the same level but if they are inside, I'd 
> be inclined to then put the actual ciphertext into an element 
> at the same level as the Digest*.

I thought that the ciphertext will be the direct and only content of
CipherData. I now see that the spec may place CipherData in an element
inside CipherData, in which case of course the DigestMethod and DigestValue
can be at the same level (and possibly within CipherData). Frankly I'm not
sure why we need this extra level (for the ciphertext itself), but I don't
mind much.
> 
> On the randomization, note that if the hash is over the 
> plaintext with IV, the IV provides some randomness. 

True but only for secret IV. 

> However, whether you do that or use some other randomness, there is a 
> question of how you add it to the plaintext. This can just be 
> left up to the application but, for application convenience, 
> we could provide an attribute in the XML Encryption namespace 
> that could optionally be used by the application to add, via 
> the attribute's value, randomness, or even one of the dreaded 
> Processing Instructions...

I think adding a specific attribute or element for the optional randomness
is a good idea. 

Best regards, 
Amir Herzberg
CTO, NewGenPay Inc.  

See demo and lectures/overviews/tutorials on crypto-security for mobile,
e-commerce, etc. in http://www.newgenpay.com/mpay/course/course.html

Received on Sunday, 20 May 2001 03:51:21 UTC
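
An added example, not part of the original message or of the XML Encryption draft: it models the point discussed above, that a digest over the plaintext left unencrypted lets the recipient verify the decrypted data, while an IV or other randomness keeps the digest from confirming a guessed plaintext only if it is secret. SHA-256, the function names and the sample messages are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: a small, guessable set of possible plaintexts.
CANDIDATES = [b"<Vote>yes</Vote>", b"<Vote>no</Vote>", b"<Vote>abstain</Vote>"]
PLAINTEXT = b"<Vote>no</Vote>"

def digest(plaintext: bytes, prefix: bytes = b"") -> bytes:
    """Digest over (prefix || plaintext); prefix is an IV or added randomness."""
    return hashlib.sha256(prefix + plaintext).digest()

def recipient_verify(decrypted: bytes, prefix: bytes, digest_value: bytes) -> bool:
    """Recipient recomputes the digest over the decrypted plaintext."""
    return hmac.compare_digest(digest(decrypted, prefix), digest_value)

def observer_guess(digest_value: bytes, known_prefix: bytes = b""):
    """Observer sees only the unencrypted digest (and any prefix sent in clear)
    and checks whether it matches one of the likely plaintexts."""
    for candidate in CANDIDATES:
        if hmac.compare_digest(digest(candidate, known_prefix), digest_value):
            return candidate
    return None

def demo() -> dict:
    public_iv = secrets.token_bytes(16)    # assumed to travel in the clear
    secret_rand = secrets.token_bytes(16)  # assumed to travel only inside the ciphertext
    d_plain = digest(PLAINTEXT)
    d_public = digest(PLAINTEXT, public_iv)
    d_secret = digest(PLAINTEXT, secret_rand)
    return {
        # Deterministic digest: the observer confirms the plaintext.
        "no_randomness": observer_guess(d_plain),
        # Public IV: the observer includes it and still confirms the plaintext.
        "public_iv": observer_guess(d_public, public_iv),
        # Secret randomness: no candidate matches.
        "secret_randomness": observer_guess(d_secret),
        # The recipient, who decrypts the randomness, can still verify.
        "recipient_ok": recipient_verify(PLAINTEXT, secret_rand, d_secret),
        "tamper_detected": not recipient_verify(CANDIDATES[0], secret_rand, d_secret),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```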