W3C home > Mailing lists > Public > xml-encryption@w3.org > April 2002

Re: Tobin's Infoset for external entities

From: merlin <merlin@baltimore.ie>
Date: Thu, 04 Apr 2002 21:06:37 +0100
To: reagle@w3.org
Cc: "Takeshi Imamura" <IMAMU@jp.ibm.com>, xml-encryption@w3.org
Message-Id: <20020404200637.6EE6F43BEA@yog-sothoth.ie.baltimore.com>

I'd personally suggest a slight alteration of the Text Wrapping
explanation; I think the appendix should describe the entire
process, including entitity definitions and namespace attributes.
Otherwise, the process is slightly tortuous and perhaps less
clear than it could be. Also, should we specify an encoding
attribute? Perhaps the default is to assume UTF-8. Should we
copy down xml:* attributes? I'm not advocating this, just
wondering if it is appropriate.

My proposed revision of Takeshi's text is below. Also, at some
point we should adopt the RSA-OAEP update [1] (with the
hyphenation fixed in the algorithm list).

[1] http://lists.w3.org/Archives/Public/xml-encryption/2002Mar/0018.html

6.A Text Wrapping

 This appendix specifies the process for wrapping text, which is
 performed in decryptXML() (section 2.1.1). The process is a part of the
 process proposed by Richard Tobin in [Tobin] originally for
 constructing the infoset [XML-Infoset] of an external entity.

 The process consists of the following steps:

 1. Emit an XML declaration with the version number "1.0"
    (? and the encoding "UTF-8" ?).

 2. If the document containing the data being decrypted bears
    any entity declarations, then emit a document type declaration
    that provides these entity declarations.

 3. Emit a <code>dummy</code> element start tag with namespace
    attributes defining all the namespaces in scope for the data being
    decrypted.

 4. Emit the decrypted plaintext.

 5. Emit a <code>dummy</code> element end tag.

Consider the following document containing an EncryptedData
element:

<!DOCTYPE Document [
  <!ENTITY dsig 'http://www.w3.org/2000/09/xmldsig#'>
]>
<Document xmlns="http://example.org/">
  <foo:Body xmlns:foo="http://example.org/foo">
    <EncryptedData xmlns="..." ...>...</EncryptedData>
  </foo:Body>
</Document>

If this document is fed through the decryption transform and
the ciphertext decrypts to the plaintext "<Foo /><foo:Bar />",
then this will be wrapped as follows:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE dummy [<!ENTITY dsig 'http://www.w3.org/2000/09/xmldsig#'>]>
<dummy xmlns="http://example.org/" xmlns:foo="http://example.org/foo"><Foo /><foo:Bar /></dummy>

Merlin

r/reagle@w3.org/2002.04.02/13:06:46
>On Tuesday 02 April 2002 11:09, Takeshi Imamura wrote:
>> >> I think too it is a good idea to include necessary parts of Tobin's
>> >> text to the spec.  If you allow me time, I think I can propose the
>> >> text.
>> I tried making the text and changing the spec accordingly.  Please find
>> the text below:
>
>Thank you Takeshi, I've tried to integrate this into [1]. Also, Merlin, I 
>think the last issue we need to settle on for this document was whether we 
>really need the ability to decrypt binary data out of a larger XML document 
>[2].
>
>
>[1] http://www.w3.org/Encryption/2001/Drafts/xmlenc-decrypt 
>$Revision: 1.39 $ on $Date: 2002/04/02 18:00:37 $ GMT 
>[2] http://lists.w3.org/Archives/Public/xml-encryption/2002Mar/0074.html
>


-----------------------------------------------------------------------------
Baltimore Technologies plc will not be liable for direct,  special,  indirect 
or consequential  damages  arising  from  alteration of  the contents of this
message by a third party or as a result of any virus being passed on.

This footnote confirms that this email message has been swept by
Baltimore MIMEsweeper for Content Security threats, including
computer viruses.
   http://www.baltimore.com
Received on Thursday, 4 April 2002 15:06:41 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:20 GMT