W3C home > Mailing lists > Public > xml-encryption@w3.org > September 2001

Re: Minutes of 010910-teleconf

From: merlin <merlin@baltimore.ie>
Date: Tue, 11 Sep 2001 11:24:51 +0100
To: reagle@w3.org
Cc: XML Encryption WG <xml-encryption@w3.org>
Message-Id: <20010911102451.42B6B43C09@yog-sothoth.ie.baltimore.com>

Just to clarify, my understanding of Amir's digest requirement is:

. To create a document with multiple encrypted parts.
. To include a digest of the plaintext part in each EncryptedData.
. To compute a signature over these digests.

The purpose of this is that you can validate the signature
fully, and then selectively validate individual plaintexts
depending on your needs.

I would suggest that this requirement is satisfied by
XML signature manifests and our decryption transform:

. Create a document with multiple encrypted parts.
. Create a manifest containing a reference to each EncryptedData
  processed by our decryption transform.
. Create a signature over this manifest.

This signature can be fully validated without exposing all the
plaintext, and then manifest references can be selectively
validated as needed.

This seems to satisfy the requirement and it uses existing
capabilities of the existing specs[*].

* Our decryption transform does not currently support non-XML



Baltimore Technologies plc will not be liable for direct,  special,  indirect 
or consequential  damages  arising  from  alteration of  the contents of this
message by a third party or as a result of any virus being passed on.

In addition, certain Marketing collateral may be added from time to time to
promote Baltimore Technologies products, services, Global e-Security or
appearance at trade shows and conferences.

This footnote confirms that this email message has been swept by
Baltimore MIMEsweeper for Content Security threats, including
computer viruses.
Received on Tuesday, 11 September 2001 06:25:36 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:32:02 UTC