W3C home > Mailing lists > Public > xml-encryption@w3.org > September 2001

Poll (Was: digest requirement)

From: Joseph Reagle <reagle@w3.org>
Date: Wed, 26 Sep 2001 19:25:42 -0400
To: "XML Encryption WG" <xml-encryption@w3.org>
Message-Id: <20010926232617.A0A9287400@policy.w3.org>
Please respond to the list by close of Friday the 28th.

In [1], I summarize the requirement to partially reveal/decrypt and confirm 
the authenticity/integrity of elements without necessarily revealing other 
elements encrypted at the same time -- and how to achieve this using 
xmldsig. Do you prefer:

1. Remove the Digest{Method,Value} and specify how similar functionality 
can be accomplished using an XML Signature manifest as described in [1]. 
This is a bit more clean with respect to keeping xmldsig and xenc distinct 
(we'd have no special syntax or processing specified in xenc), but requires 
slightly more complex specification none-the-less (of how to use xmldsig) 
to satisfy the requirement.

2. Retain the Digest{Method,Value} as presently specified. This introduces 
additional processing into the Encryption spec for integrity purposes that 
could be done by XML Signature, but it's a little more straightforward.

This option also satisfies Amir's requirement of being able to change the 
Encryption algorithm without invalidating a signature of the plain data and 
digests *if* a transform is used to remove the actual Encryption Info 
(algorithm, key and value) prior to a signature. However, this requires an 
actual transform to be written. If you opt for #2, should we:
A. Let applications specify the transform.
B. Specify/standardize the transform.

Received on Wednesday, 26 September 2001 19:26:17 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:32:02 UTC