Re: xenc:EncryptedKey/@Type

From: Takeshi Imamura <IMAMU@jp.ibm.com>
Date: Mon, 7 Jan 2002 19:38:45 +0900
To: reagle@w3.org
Cc: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>, xml-encryption@w3.org
Message-ID: <OF1FCE6BA4.CE672DE1-ON49256B3A.002E81B2@LocalDomain>


Joseph,

>3. Prohibit XML structures as the plaintext within EncryptedKey. I think
>Takeshi has already suggested this when I asked him how to Encrypt
><ds:KeyValue/>, he said it should be Encrypted as an EncryptedData. This
>acknowledged that all key formats are binary today, and that they will
>likely be so in the future. This makes sense when one considers key wraps
>and such, but might preclude XML formats in the future...?

My intention was to prohibit encrypting an XML structure containing a key,
which is a part of an XML document, into an EncryptedKey element, not to
prohibit encoding a key in XML and then encrypting it as binary into an
EncryptedKey element.  I believe a key can be encoded in ASN.1, XML, and so
on.

>2. I'm  proposing that the Algorithm *can* have a specific/deterministic
>structure, in which case one could:
>a. repeat the same (Encryption Method Algorithm URI) in the (EncryptedKey
>Type) .
>b. if the (EncryptedKey Type) isn't specified assume the (Encryption Method
>Algorithm URI) is sufficient: 1-to1.
>2.1 If it doesn't, one would specify the Algorithm and KeyStructure
>distinctly. For example:
><EncryptedKey Type="someEncryptionAlgorithms128bitKey">
>   <EncryptionMethod
>        Algorithm="&xenc;someEncryptionAlgorithm" />

I like this because there can be several ways to encode/represent a key for
an algorithm.

Thanks,
Takeshi IMAMURA
Tokyo Research Laboratory
IBM Research
imamu@jp.ibm.com
Received on Monday, 7 January 2002 05:39:05 GMT
