W3C home > Mailing lists > Public > xml-encryption@w3.org > September 2001

RE: Minor comments on Section 4

From: <edsimon@xmlsec.com>
Date: Wed, 19 Sep 2001 18:00:07 -0400
Message-ID: <3BA68A12000011EB@mail.san.yahoo.com>
To: Blair Dillaway <blaird@microsoft.com>, reagle@w3.org, Takeshi Imamura <IMAMU@jp.ibm.com>, xml-encryption@w3.org

Blair wrote

>we're ambiguous in Step 3.1 about who is responsible for
>serializing the data.

I don't think the text is ambiguous because all the steps starts out with
"the encryptor must:".  Hence all the steps are the Encryptor's responsibility
unless otherwise specified.  Unless there is a good reason otherwise, I
wouldn't want the application to have the handle the serialization of XML
Elements and Content.

On a related topic, for non-XML data where we require the application to
do the serialization (because the Encryptor can't do arbitrary serialization),
does it make sense to allow the application to provide a hint in <EncryptedData>
how the the serialization was done?  I'm thinking of the receiving end,
where the Decryptor want's to de-serialize the data and wants to know how
the serialization was done.


Ed Simon
XMLsec Inc.

Interested in XML Security Training and Consulting services?  Visit "www.xmlsec.com".
Received on Wednesday, 19 September 2001 18:05:10 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:32:02 UTC