W3C home > Mailing lists > Public > xml-encryption@w3.org > November 2001

RE: An issue and a typo in Decryption Transform Oct 18th draft

From: Amir Herzberg <AMIR@newgenpay.com>
Date: Mon, 19 Nov 2001 12:37:15 +0200
Message-ID: <078EE8822DCFD411AAA1000629D56ADC162EC7@imp01.newgenpay.com>
To: <reagle@w3.org>, <imamu@jp.ibm.com>, <maruyama@jp.ibm.com>
Cc: <xml-encryption@w3.org>
I agree - I didn't think of the simple solution below - sorry! I think
it may be useful to include a few words on this in the security
consideration section. Amir

> > However, there is another solution: do not _sign_ the 
> encrypted data in
> > the first place. Namely, the transform could have a third operation
> > which completely removes encrypted-then-signed elements, 
> 
> This is possible and achievable within the framework of 
> xmldsig itself. One 
> could write an XPath expression that removed the encrypted 
> portions one 
> does not want to sign. 
Received on Monday, 19 November 2001 05:37:35 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:19 GMT