W3C home > Mailing lists > Public > xml-encryption@w3.org > January 2002

Re: xenc:EncryptedKey/@Type

From: Takeshi Imamura <IMAMU@jp.ibm.com>
Date: Tue, 15 Jan 2002 16:45:53 +0900
To: reagle@w3.org
Cc: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>, xml-encryption@w3.org
Message-ID: <OF8F045BAA.B8F5EACD-ON49256B42.0027AE32@LocalDomain>


>> My intention was to prohibit encrypting an XML structure containing a
>> key, which is a part of an XML document, into an EncryptedKey element,
>> not to prohibit encoding a key in XML and then encrypting it as binary
>> into an EncryptedKey element.  I believe a key can be encoded in ASN.1,
>> XML, and so on.
>
>What do you mean encoded in XML? I now agree that ds:KeyValue wouldn't be
>right, and I can think of binary key being encoded in ASN1, ASCII or
UTF-8.
>Would the ASN1->XML converters be such an example? I'd like to add text to
>section3.4.1 to clarify this like the following:
>
>"When EncryptedKey is decrypted the resulting octets must be a literal key
>value. For example, the result might be a key value encoded in UTF-8 but
it
>will not be an XML structure."

I believe the spec does not have to care whether the resulting octets is a
literal key or not.  As Blair illustrated in [1], the key may be encoded in
a structure.  That is because the key should be processed not by the
implementation of the spec but by that of the algorithm for the key,
optionally by consulting the Type attribute of the EncryptedKey element.

[1] http://lists.w3.org/Archives/Public/xml-encryption/2002Jan/0075.htmle

Thanks,
Takeshi IMAMURA
Tokyo Research Laboratory
IBM Research
imamu@jp.ibm.com



From: Joseph Reagle <reagle@w3.org>@w3.org on 2002/01/12 05:30

Please respond to reagle@w3.org

Sent by:  xml-encryption-request@w3.org


To:   Takeshi Imamura/Japan/IBM@IBMJP
cc:   Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>,
      xml-encryption@w3.org
Subject:  Re: xenc:EncryptedKey/@Type



On Monday 07 January 2002 05:38, Takeshi Imamura wrote:
> My intention was to prohibit encrypting an XML structure containing a
> key, which is a part of an XML document, into an EncryptedKey element,
> not to prohibit encoding a key in XML and then encrypting it as binary
> into an EncryptedKey element.  I believe a key can be encoded in ASN.1,
> XML, and so on.

What do you mean encoded in XML? I now agree that ds:KeyValue wouldn't be
right, and I can think of binary key being encoded in ASN1, ASCII or UTF-8.
Would the ASN1->XML converters be such an example? I'd like to add text to
section3.4.1 to clarify this like the following:

"When EncryptedKey is decrypted the resulting octets must be a literal key
value. For example, the result might be a key value encoded in UTF-8 but it
will not be an XML structure."

I know the end of that last sentence isn't right...

> >Algorithm URI) is sufficient: 1-to1.
> >2.1 If it doesn't, one would specify the Algorithm and KeyStructure
> >distinctly. For example:
> ><EncryptedKey Type="someEncryptionAlgorithms128bitKey">
> >   <EncryptionMethod
> >        Algorithm="&xenc;someEncryptionAlgorithm" />
>
> I like this because there can be several ways to encode/represent a key
> for an algorithm.

Added to  3.4.1: $Revision: 1.106 $

The Type attribute inheritted from EncryptedType can be used to further
specify the type of the encrypted key if the EncryptionMethod Algorithm
does not define a unambiguous encoding/representation. (Note, all the
algorithms in this specifications  have an unambiguous representation for
their associated key structures. [Is this true? -JR])


--

Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
Received on Tuesday, 15 January 2002 02:46:32 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:20 GMT