Re: Minor comments on the spec from Takeshi Imamura on 2001-11-12 (xml-encryption@w3.org from November 2001)

From: Takeshi Imamura <IMAMU@jp.ibm.com>
Date: Mon, 12 Nov 2001 16:43:49 +0900
To: reagle@w3.org
Cc: Eastlake <dee3@torque.pothole.com>, xenc <xml-encryption@w3.org>
Message-ID: <OFD243D1A1.9C958523-ON49256B02.00276352@LocalDomain>

Joseph,

I'm sorry for not replying sooner.

>> >> to the schema of the EncryptedData element.
>> >> There is no explanation for the EncryptionProperties element.
>> >> "ElementContent" would be "Content".
>> >
>> >Type was moved into EncryptedType since it belonged to EncryptedData
and
>> >EncryptedKey, I forgot to move its text when I did that, but I fixed
>> > that in the last edit.
>>
>> Is the Type attribute also needed for the EncryptedKey element?  I could
>> not find such a description in the spec.
>
>Yes, if the decrypted CipherData was a ds:KeyValue for instance, you would
>want to process it according to 4.2.4, right?

Do you mean that you encrypt a ds:KeyValue element into an EncryptedKey
element with the Type Element?  To my understanding, it is not allowed.


>> >> 3.2
>> >> I believe that a nonce value specified using the Nonce attribute is
>> >> used only when encrypting data (not key).  Is that correct?  If so,
>> >> that should be explained explicitly.
>> >
>> >Tweaked to, " Given that data is often redundant (e.g., XML) and that
>> >attackers may know the data's structure, applications are RECOMMENDED
to
>> >encrypt data with high entropy, either by its own nature or by use of
>> > the Nonce attribute."
>>
>> So should the implementation give a warning when a user is encrypting a
>> key with a nonce value and/or decrypting a key encrypted with a nonce
>> value?
>
>Why would a warning be necessary? (Warn of what?) I really don't see the
>processing (from an XML decryption point of view) of EncryptedData or
>EncryptedKey as very different. There both processed to get you the
>plain-data, the only different is that one has a little more "meta-data"
>about the EncryptedKey's plain-data, it's a key.

A nonce cannot be used for encrypting a key, right?  So I just thought
that, if a user was trying to use a nonce for encrypting a key, it would be
helpful to warn the user of the illegal use of nonce.  Our implementation
just ignores such a nonce, though.


>> >> 3.5
>> >> Because the URI attribute is optional, the behavior should be noted
>> >> when the attribute is omitted.
>> >> Transform and XPath elements in the example have to be prefixed with
>> >> "ds:".
>> >
>> >Do we have any reason why it should be optional? If so, we should defer
>> > to application context, if not, we should make it mandatory.
>>
>> I don't see any reason.
>
>Ok, ReferenceType URI is now optional.

I'm sorry for confusing you.  I meant that the URI attribute would be
mandatory.

Thanks,
Takeshi IMAMURA
Tokyo Research Laboratory
IBM Research
imamu@jp.ibm.com

Received on Monday, 12 November 2001 02:43:56 UTC