W3C home > Mailing lists > Public > xml-encryption@w3.org > April 2002

Re: EncryptionMethod in XMLEnc and SignatureMethod in XMLDSig

From: Joseph Reagle <reagle@w3.org>
Date: Mon, 1 Apr 2002 17:13:13 -0500
Message-Id: <200204012213.RAA21375@tux.w3.org>
To: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>, aleksey@aleksey.com, xml-encryption@w3.org
On Monday 01 April 2002 16:37, Christian Geuer-Pollmann wrote:
> For digital signatures (non-repudiation), the signed want's to state that
> he made a statement and he want that the binding between his identity
> (Certificate) and the signed contents is non-ambiguous. So it wouldn't
> make sense to omit the ds:SignatureMethod because that would let space
> for discussions (which algorithm was used).

Right.

> For encryption (confidentiality), there are people who like "security by
> obscurity" as an additional point in their encryption system. So making
> the xenc:EncryptionMethod REQUIRED would force people to expose
> information which they probably do not want to disclose.

I've yet to hear its optionality should be permitted for obfuscation 
purposes, rather it might be known in an application context and need not 
be repeated.
Received on Monday, 1 April 2002 17:13:17 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:32:03 UTC