Joseph,

>3. Prohibit XML structures as the plaintext within EncryptedKey. I think
>Takeshi has already suggested this when I asked him how to Encrypt
><ds:KeyValue/>, he said it should be Encrypted as a EncryptedData. This
>acknowledged that all key formats are binary today, and that they will
>likely be so in the future. This makes sense when one considers key wraps
>and such, but might preclude XML formats in the future...?

My intention was to prohibit encrypting an XML structure containing a key,
which is a part of an XML document, into an EncryptedKey element, not to
prohibit encoding a key in XML and then encrypting it as binary into an
EncryptedKey element. I believe a key can be encoded in ASN.1, XML, and so
on.

>2. I'm proposing that the Algorithm *can* have a specific/deterministic
>structure, in which case one could:
>a. repeat the same (Encryption Method Algorithm URI) in the (EncryptedKey
>Type) .
>b. if the (EncryptedKey Type) isn't specified assume the (Encryption Method
>Algorithm URI) is sufficient: 1-to1.
>2.1 If it doesn't, one would specify the Algorithm and KeyStructure
>distinctly. For example:
><EncryptedKey Type="someEncryptionAlgorithms128bitKey">
> <EncryptionMethod
> Algorithm="&xenc;someEncryptionAlgorithm" />

I like this because there can be several ways to encode/represent a key for
an algorithm.

Thanks,
Takeshi IMAMURA
Tokyo Research Laboratory
IBM Research
imamu@jp.ibm.com

Received on Monday, 7 January 2002 05:39:05 GMT