xml encryption questions

Makato

I give answers to your questions on XML Encryption 1.1 [1]  below.

Magnus and WG members, can you please confirm I got this right,  
especially whether DHKeyValue can be used in both OriginatorKeyInfo  
and RecipientKeyInfo.


> Is http://www.w3.org/2001/04/xmlenc#DHKeyValue specified as a value of
> @Algorithm of the AgreementMethod element?  Or, is it always "used as
> the value of the Type attribute of Reference or ds:RetrievalMethod
> elements" (5.6.1)?



It is meant for the Type attribute as noted in 5.6.1.
http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.htm#sec-DHKeyValue


The algorithm for the AgreementMethod is one of those listed in the  
table in 5.1.1,

	• optional: Diffie-Hellman Key Agreement (Ephemeral-Static mode) with Legacy Key Derivation Function
	  http://www.w3.org/2001/04/xmlenc#dh
	• optional: Diffie-Hellman Key Agreement (Ephemeral-Static mode) with explicit Key Derivation Functions
	  http://www.w3.org/2009/xmlenc11#dh-es
	• required: Elliptic Curve Diffie-Hellman (Ephemeral-Static mode)
	  http://www.w3.org/2009/xmlenc11#ECDH-ES


> Where does the DHKeyValue element occur?  As a child of the
> AgreementMethod element?


DHKeyValue is a child of ds:KeyValue, which is a child of OriginatorKeyInfo or
RecipientKeyInfo, under AgreementMethod:

http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.htm#sec-DHKeyValue

http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.htm#sec-Alg-KeyAgreement



> When http://www.w3.org/2001/04/xmlenc#DHKeyValue is specified as a  
> value
> of @Algorithm of the AgreementMethod element, what is permitted as
> parameters other than OriginatorKeyInfo and RecipientKeyInfo?

I don't think it is used as the algorithm value, that would be one of  
the ones listed above in this email.

Do we need any additional clarifying text in the specification?

regards, Frederick

Frederick Hirsch
Nokia


[1] http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.htm

Received on Friday, 5 March 2010 19:51:01 UTC
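The placement rules stated in the reply above, turned into a structural check, as an added example that is not part of the original message or of the W3C draft: the key-agreement @Algorithm must be one of the three URIs from the 5.1.1 table, the #DHKeyValue URI is a Type URI and never an @Algorithm, and xenc:DHKeyValue sits under ds:KeyValue inside OriginatorKeyInfo or RecipientKeyInfo under AgreementMethod. The sample EncryptedKey fragments are constructed for the check; the child content of DHKeyValue (a single Public element) and the base64 values are assumptions, not taken from the thread.

```python
"""Structural check for XML Encryption 1.1 AgreementMethod / DHKeyValue placement.

Added example, not code from the W3C thread or the XML Encryption editors.
It encodes the three points of Frederick's reply:
  * AgreementMethod/@Algorithm is one of #dh, #dh-es or #ECDH-ES;
  * the #DHKeyValue URI is a Reference / ds:RetrievalMethod @Type, never an @Algorithm;
  * xenc:DHKeyValue lives at AgreementMethod/{Originator,Recipient}KeyInfo/ds:KeyValue/DHKeyValue.
"""
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
XENC11 = "http://www.w3.org/2009/xmlenc11#"
DS = "http://www.w3.org/2000/09/xmldsig#"

DHKEYVALUE_TYPE = XENC + "DHKeyValue"  # a Type URI (5.6.1), not a key-agreement algorithm
KEY_AGREEMENT_ALGORITHMS = {
    XENC + "dh",         # DH, Ephemeral-Static, legacy KDF (optional)
    XENC11 + "dh-es",    # DH, Ephemeral-Static, explicit KDF (optional)
    XENC11 + "ECDH-ES",  # ECDH, Ephemeral-Static (required)
}


def q(ns, local):
    """Clark-notation qualified name used by ElementTree."""
    return "{%s}%s" % (ns, local)


def check_agreement_methods(xml_text):
    """Return a list of findings (strings); an empty list means the structure is as specified."""
    root = ET.fromstring(xml_text)
    # ElementTree has no parent links, so build a child -> parent map once.
    parent = {child: p for p in root.iter() for child in p}
    findings = []

    for am in root.iter(q(XENC, "AgreementMethod")):
        alg = am.get("Algorithm")
        if alg == DHKEYVALUE_TYPE:
            findings.append("AgreementMethod uses #DHKeyValue as @Algorithm; it is a Type URI")
        elif alg not in KEY_AGREEMENT_ALGORITHMS:
            findings.append("AgreementMethod @Algorithm %r is not a key-agreement algorithm" % alg)

    for dh in root.iter(q(XENC, "DHKeyValue")):
        kv = parent.get(dh)
        ki = parent.get(kv) if kv is not None else None
        am = parent.get(ki) if ki is not None else None
        placed_correctly = (
            kv is not None and kv.tag == q(DS, "KeyValue")
            and ki is not None
            and ki.tag in (q(XENC, "OriginatorKeyInfo"), q(XENC, "RecipientKeyInfo"))
            and am is not None and am.tag == q(XENC, "AgreementMethod")
        )
        if not placed_correctly:
            findings.append(
                "DHKeyValue is not at AgreementMethod/{Originator,Recipient}KeyInfo/ds:KeyValue/DHKeyValue")

    return findings


# Constructed sample: ephemeral DH public value carried in OriginatorKeyInfo,
# recipient's static key referenced by name. Base64 values are placeholders.
GOOD_EXAMPLE = """
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                   xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes128"/>
  <ds:KeyInfo>
    <xenc:AgreementMethod Algorithm="http://www.w3.org/2009/xmlenc11#dh-es">
      <xenc:OriginatorKeyInfo>
        <ds:KeyValue>
          <xenc:DHKeyValue><xenc:Public>AQID</xenc:Public></xenc:DHKeyValue>
        </ds:KeyValue>
      </xenc:OriginatorKeyInfo>
      <xenc:RecipientKeyInfo>
        <ds:KeyName>recipient-static-dh-key</ds:KeyName>
      </xenc:RecipientKeyInfo>
    </xenc:AgreementMethod>
  </ds:KeyInfo>
  <xenc:CipherData><xenc:CipherValue>BAUG</xenc:CipherValue></xenc:CipherData>
</xenc:EncryptedKey>
"""

# Constructed counter-example: #DHKeyValue misused as @Algorithm and
# DHKeyValue placed directly under AgreementMethod.
BAD_EXAMPLE = """
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                   xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:KeyInfo>
    <xenc:AgreementMethod Algorithm="http://www.w3.org/2001/04/xmlenc#DHKeyValue">
      <xenc:DHKeyValue><xenc:Public>AQID</xenc:Public></xenc:DHKeyValue>
    </xenc:AgreementMethod>
  </ds:KeyInfo>
  <xenc:CipherData><xenc:CipherValue>BAUG</xenc:CipherValue></xenc:CipherData>
</xenc:EncryptedKey>
"""

if __name__ == "__main__":
    print("good:", check_agreement_methods(GOOD_EXAMPLE))
    print("bad: ", check_agreement_methods(BAD_EXAMPLE))
```

The check is deliberately structural: it does not validate the DH parameters or perform the key agreement, only that the elements and URIs are where the draft's 5.1.1 and 5.6.1 put them, which is the point Makoto's questions turn on.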