- From: Stephen Farrell <stephen.farrell@baltimore.ie>
- Date: Tue, 29 Aug 2000 10:57:25 +0100
- To: Malte Borcherding <Malte.Borcherding@brokat.com>
- CC: Don Davis <dtd@world.std.com>, Ed Simon <ed.simon@entrust.com>, xml-encryption@w3.org
Malte Borcherding wrote:
> I do not think that the encryption layer should be used as a means to securely
> transport information about the intended recipient,
Actually, the recipient's not the problem (at least the one I was talking
about), but the encryptor.
As you imply, if this is a concern, then its sensible to include the encryptor's
name (or keyInfo or whatever identifying string) in the plaintext.
I also would hate to see anyone mandate sign/wrap/sign ("please enter you PIN..."
pause..."please enter you PIN...").
However, for the specific case of signed(wrapped(msg)), since the keyInfo in
the Signature carries identification, if that were inside the encryption then
the solution would be neat. I've no idea how this could be done however, so maybe
we should just drop the thread and get on with discussion encryption.
Stephen.
--
____________________________________________________________
Stephen Farrell
Baltimore Technologies, tel: (direct line) +353 1 647 7406
61 Fitzwilliam Lane, fax: +353 1 647 7499
Dublin 2. mailto:stephen.farrell@baltimore.ie
Ireland http://www.baltimore.com
Received on Tuesday, 29 August 2000 05:56:49 UTC