W3C home > Mailing lists > Public > xml-encryption@w3.org > June 2002

Re: Decryption Transform processing question

From: merlin <merlin@baltimore.ie>
Date: Thu, 06 Jun 2002 18:59:50 +0100
To: reagle@w3.org
Cc: "Takeshi Imamura" <IMAMU@jp.ibm.com>, xml-encryption@w3.org
Message-Id: <20020606175950.15EE64432D@yog-sothoth.ie.baltimore.com>

r/reagle@w3.org/2002.06.06/13:21:22
>On Tuesday 04 June 2002 11:58 am, Takeshi Imamura wrote:
>> I don't think that using an explicit Type attribute value is a good
>> proposal.  It is not an encryptor but a signer that decides whether an
>> EncryptedData element should be decrypted.  
>
>Instead of a type, how about a specific parameter (e.g., &decrypt;#super) 
>(BTW: Do you accept the proposal that we support &decypt;bnary and 
>&decrypt;XML?)

A signer cannot predict how encryption will be performed so
it cannot specify that superdecryption should occur. This
is similar to my (bad) XMLType proposition.

The signer uses Except to specify what was encrypted when
it generated the signature, and thus what it expects to
remain encrypted during verification.

After this point, it is up the encryptor to make sure that
things stay in shape. Or, the encryptor neither knows nor
cares, and if things go wrong, the signature fails and the
document is tossed.

There are two options:

1) Automatic superdecryption

   The encryptor mindlessly encrypts data. By mindless, I mean
   that it is pays no mind to, or is ignorant of, any signature(s)
   over the data.

   The verifier recursively decrypts unexcepted EncryptedData,
   subject to the hack that barename XPointer exceptions get
   dereferenced into these recursive node sets, and the knowledge
   that if the encryptor has mindlessly encrypted data that
   require document-relative or external same-document references
   to evaluate, or has encrypted data that are the target of
   a full XPointer or signature reference, decryption will fail.

   This is compatible with my last proposal. Just add recursion
   text and eliminate the SuperEncrypted Type for EncryptedData.

2) Encryptor-specified superdecryption

   a) The encryptor mindlessly encrypts data but never encrypts
      existing EncryptedData, avoiding the superdecryption
      problem. This is indifferent to 1.

   b) The encryptor encrypts data, but is mindful to only
      super-encrypt exceptional EncryptedData. These will
      not then be recursively decrypted.

   c) The encryptor super-encrypts unexceptional EncryptedData,
      mindful of the potential problems. It indicates this by
      using the SuperEncryptedData Type, and utilizing
      mechanisms to overcome the problems if necessary.

      i) Reform the EncryptedData to operate in its new
         context.
      ii) Use encryption properties to identify how
         references from internal data will resolve out
         to the original parent document.
      iii) Use encryption properties to identify how
         references from external data will resolve into
         the internal data.
      iv) Do nothing and hope for the best.

      These mechanisms are not practical in the general case.
      However, my assertion is that this type of operation
      won't be arbitrarily performed; it will be performed
      by a security-conscious application in a specific
      context.

So our options boil down to: 1) dumb encryptor, things may go
wrong, blah happens. 2) smart encryptor, things may go wrong
but there are potential mechanisms to overcome this.

There are fine, defensible arguments either way.

Merlin
Received on Thursday, 6 June 2002 14:00:28 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:32:03 UTC