- From: David Orchard <david.orchard@bea.com>
- Date: Thu, 10 Jan 2002 18:10:38 -0800
- To: "'Mark Baker'" <distobj@acm.org>
- Cc: "'Rich Salz'" <rsalz@zolera.com>, <xml-dist-app@w3.org>
> > > I'm not sure what the right way to design this would be. > You could encrypt > > the entire header element. Then when it's decrypted, > whoever decrypted it > > could see the actor, plus whatever else is in the header. > Unless we allow > > nested encryption, which makes my brain hurt even more. > > > > I see a rat's nest ahead as we tumble down the slippery slope. > > You and your slippery slopes. 8-) > I know, I'm on a slippery slope of seeing slippery slopes :-) I think I should go snowboarding or something with all the slopes. > > I really believe we need more use cases on these various > types. Oh wait, > > I'm supposed to write use cases. > > Sure, those would help. > > I'm thinking that we need to require that the root element of each > header block be unencrypted. In other words, the header "name" > and qualifiers (actor, mustUnderstand) MUST be visible. But the > header "value" (block content) should be able to be encrypted. > > I think this is the minimum that should be done to ensure that > encryption doesn't mess with the processing model. I think I agree with this. How/where should this be written up? Cheers, Dave
Received on Thursday, 10 January 2002 21:14:08 UTC