
Re: EncryptionMethod in XMLEnc and SignatureMethod in XMLDSig

From: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
Date: Tue, 02 Apr 2002 08:17:06 +0200
To: aleksey@aleksey.com
Cc: xml-encryption@w3.org
Message-id: <495302.1017735426@pinkpanther>


--On Monday, 1 April 2002 14:13 -0800 Aleksey Sanin <aleksey@aleksey.com> 
wrote:

> First of all, I do not suggest to make EncryptionMethod required.
> I think that *both* should be optional. Next as far as I can remember,
> the basic cryptography rule says that the only secret is the key.
> Everything else is known to everyone. IMHO, any security system
> based on the "secret algorithm" is a snake oil.

Right. I agree completely. Joseph corrected me that it's known from the 
application context.

> I believe that the only reason to omit EncryptionMethod is to save
> some space when application knows this from the context. And I think
> the same reasons apply to the signature.
> At the end of all, it looks natural to have both elements treated in the
> same way, doesn't it?

I don't think so. Especially for digital signatures, there are (and will 
come) many legal constraints from signature laws. And they will in no way 
allow to make transmission of such an important parameter like the 
signature algorithm optional. You're right that the application context can 
be fixed for a particular application and that it's completely redundant to 
always transmit this again. But - for things like long-term-validity, I 
don't think that making this optional buys us anything. And - XML IS 
redundant ;-))

Christian

>
> Aleksey.
>
>
>
>
> Christian Geuer-Pollmann wrote:
>
>> --On Monday, 1 April 2002 12:01 -0800 Aleksey Sanin
>> <aleksey@aleksey.com> wrote:
>>
>>> Sorry for mistype, actually I meant SignatureMethod in XMLDSig:
>>>
>>> A minor issue but probably it's worth to fix it: the EncryptionMethod
>>> in XMLEncryption and SignatureMethod in XMLDSig both have the same
>>> meaning: algorithm selection. However, EncryptionMethod is *optional*
>>> element and SignatureMethod is *required*. From my point of view it is
>>> inconsistent. Either both should be required or both should be optional.
>>> I would prefer the second (both optional) since application can have
>>> this
>>> information from the context.
>>
>>
>> Hi Aleksey,
>>
>> from Schema point, you're right. But I think they have different
>> security properties:
>>
>> For digital signatures (non-repudiation), the signed wants to state
>> that he made a statement and he wants that the binding between his
>> identity (Certificate) and the signed contents is non-ambiguous. So it
>> wouldn't make sense to omit the ds:SignatureMethod because that would
>> let space for discussions (which algorithm was used).
>>
>> For encryption (confidentiality), there are people who like "security
>> by obscurity" as an additional point in their encryption system. So
>> making the xenc:EncryptionMethod REQUIRED would force people to expose
>> information which they probably do not want to disclose.
>>
>>
>> Maybe this is one motivation for this decision. But from implementors
>> point of view, it adds some complexity.
>>
>>
>> Regards,
>> Christian
>
>
>
Received on Tuesday, 2 April 2002 01:12:41 UTC
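
The asymmetry discussed in this thread, seen from the receiving side, as an added example that is not part of the original messages or of either specification: xenc:EncryptionMethod may be absent and is then resolved from application context, while a missing ds:SignatureMethod is always an error. The allowlist, the function names and the sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"ds": "http://www.w3.org/2000/09/xmldsig#",
      "xenc": "http://www.w3.org/2001/04/xmlenc#"}
# Constructed local policy for this example: algorithms the receiver accepts.
ALLOWED_ENC = {NS["xenc"] + "aes128-cbc", NS["xenc"] + "aes256-cbc"}


class AlgorithmError(ValueError):
    """Raised when the algorithm cannot be determined or is not permitted."""


def encryption_algorithm(encrypted_data, context_default=None):
    """Algorithm URI for xenc:EncryptedData; the element is optional, so fall
    back to the out-of-band value and fail closed when neither is known."""
    method = encrypted_data.find("xenc:EncryptionMethod", NS)
    uri = method.get("Algorithm") if method is not None else context_default
    if not uri:
        raise AlgorithmError("no EncryptionMethod and no application context")
    if uri not in ALLOWED_ENC:
        raise AlgorithmError("encryption algorithm not permitted: " + uri)
    return uri


def signature_algorithm(signature):
    """Algorithm URI for ds:Signature; ds:SignatureMethod is required, so its
    absence is an error and is never filled in from context."""
    method = signature.find("ds:SignedInfo/ds:SignatureMethod", NS)
    if method is None or not method.get("Algorithm"):
        raise AlgorithmError("ds:SignatureMethod missing")
    return method.get("Algorithm")


# Constructed sample documents (key and cipher data omitted).
ENC_EXPLICIT = ET.fromstring(
    '<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#">'
    '<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>'
    '</EncryptedData>')
ENC_IMPLICIT = ET.fromstring(
    '<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"/>')
SIG_OK = ET.fromstring(
    '<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>'
    '<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>'
    '</SignedInfo></Signature>')
SIG_BAD = ET.fromstring(
    '<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo/></Signature>')
```
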
