W3C home > Mailing lists > Public > xml-encryption@w3.org > June 2002

Re: Decryption Transform processing question

From: Takeshi Imamura <IMAMU@jp.ibm.com>
Date: Tue, 11 Jun 2002 01:08:49 +0900
To: merlin <merlin@baltimore.ie>
Cc: xml-encryption@w3.org
Message-ID: <OF38D3718E.A97222B9-ON49256BD4.0053B704@LocalDomain>


Merlin,

>2) Encryptor-specified superdecryption
>
>   c) The encryptor super-encrypts unexceptional EncryptedData,
>      mindful of the potential problems. It indicates this by
>      using the SuperEncryptedData Type, and utilizing
>      mechanisms to overcome the problems if necessary.

As I pointed out before, this is not possible when a signature is not
given.  Also, when encrypting exceptional and unexceptional EncryptedData
elements together, how should we do so?

However, I agree with you that, if a signature is given, an encryptor can
decide which EncryptedData element should be decrypted.  So how about the
following, which is opposite to 2):

3) Encryptor-specified super-undecryption

Decrypt all the EncryptedData elements recursively except for those
specified by the super-encrypting EncryptedData element.  Those could be
specified by decrypt:Except elements specified as encryption properties.
The mechanisms you proposed could be used in order to the problems.

This provides the same function as 2), but it would suit the concept of
decryption transform much better.  This means that we don't have to
reimplement the transform from scratch.  How do you feel?

Thanks,
Takeshi IMAMURA
Tokyo Research Laboratory
IBM Research
imamu@jp.ibm.com
Received on Monday, 10 June 2002 12:05:49 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:32:03 UTC