- From: XML Security Working Group Issue Tracker <sysbot+tracker@w3.org>
- Date: Tue, 24 Feb 2009 21:33:33 +0000 (GMT)
- To: public-xmlsec@w3.org
ISSUE-107: deprecate decryption transform?, see what you sign and workflow [v.next (Design for XML Signature V Next)]

http://www.w3.org/2008/xmlsec/track/issues/107

Raised by: Ed Simon

On product: v.next (Design for XML Signature V Next)

http://lists.w3.org/Archives/Public/public-xmlsec/2009Feb/0006.html

http://lists.w3.org/Archives/Public/public-xmlsec/2009Feb/0007.html

http://lists.w3.org/Archives/Public/public-xmlsec/2009Feb/0008.html

http://lists.w3.org/Archives/Public/public-xmlsec/2009Feb/att-0009/00-part (Pratik)

http://lists.w3.org/Archives/Public/public-xmlsec/2009Feb/0011.html

http://lists.w3.org/Archives/Public/public-xmlsec/2009Feb/0013.html

http://lists.w3.org/Archives/Public/public-xmlsec/2009Feb/0014.html

I struggle to find a scenario where all of the following hold:

1) use of the decryption transform is necessary
2) it provides correct guarantees of authentication, privacy and secure operation in the presence of an adversary
3) it is more appropriate than specifying ordering explicitly with an XProc workflow, a protocol specification or as an implicit part of application logic

Of these, I'm most opinionated that (2) should not be neglected as a necessary condition of any feature proposed for inclusion in the 2.0 specs.

http://lists.w3.org/Archives/Public/public-xmlsec/2009Feb/0015.html
Received on Tuesday, 24 February 2009 21:33:41 UTC