W3C home > Mailing lists > Public > xml-encryption@w3.org > December 2000

RE: Encrypting entire documents in XML Proposal? (and any arbitra ry data)

From: Ed Simon <ed.simon@entrust.com>
Date: Fri, 22 Dec 2000 08:38:20 -0500
Message-ID: <A0E1DEC54ED42F4884DD9EEA00ACE37106D097@sottmxs08.entrust.com>
To: xml-encryption@w3.org
Not only would I like to see XML Encryption support the encryption of entire
XML documents but I would like to see it support encryption of arbitrary
data not necessarily connected with an XML instance.  Given that XML signing
supports these signing of arbitrary data and whole XML instances, I think it
only makes sense that XML Encryption be similarly flexible.  

Imagine an XML-centric system that wants to encrypt various pieces of data
(GIFs, MPEGs, whole XML instances, XML elements, the content of specific XML
elements, etc.).  Wouldn't it be absurd if the designers of the system were
able to use XML Signatures for all these items, but only able to use XML
Encryption for some data, and had to revert to PKCS#7 for those types of
data XML Encryption does not support.

The good news is that I think the current spec already has the basis for
meeting these requirements; here's an example of how I see it being used to
encrypt the types of data just discussed:

<?xml version="1.0" encoding="UTF-8"?>
<root xmlns=".../mycompany/secretlab/directions">
<!-- Encrypted GIF converted to base64 and put inline -->
<EncryptedData xmlns=".../xml/encryption" Type="image/gif">
<!-- Encrypted GIF whose encrypted bytes reside externally -->
<EncryptedData xmlns=".../xml/encryption" Type="image/gif">
<CipherText URI="http://www.example.com/secretlab/map_gif.enc"/>
<!-- Encrypted whole XML document converted to base64 and put inline -->
<EncryptedData xmlns=".../xml/encryption" Type="text/xml">
<!-- Encrypted whole XML document whose encrypted bytes reside externally
<EncryptedData xmlns=".../xml/encryption" Type="text/xml">
<CipherText URI="http://www.example.com/secretlab/directions_xml.enc"/>

-----Original Message-----
From: Hiroshi Maruyama [mailto:MARUYAMA@jp.ibm.com]
Sent: Thursday, December 21, 2000 7:27 PM
To: xml-encryption@w3.org
Subject: RE: Encrypting entire documents in XML Proposal?

From: Hiroshi Maruyama on 2000/12/22 09:19

To:   Ed Simon <ed.simon@entrust.com>
From: Hiroshi Maruyama/Japan/IBM@IBMJP
Subject:  RE: Encrypting entire documents in XML Proposal?  (Document link:
      Hiroshi Maruyama)

In Section 4.2, Step 4 says

"This XML fragment is converted into the character
encoding of the surrounding document and then
replaces the data in the document  ..."

This means, if the document start with a prolog

<?xml version="1.0" encoding="Shift_JIS"?>

the decrypted octet string (in UTF-8) is converted
into Shift_JIS first.  I think a real question is whether
we allow Nodes outside of the root element (e.g.,
<!DOCTYPE> declaration) to be encrypted.  The
current spec does not, and I think it is reasonable,
because you can always treat an entire document as
an external octet string.


Hiroshi Maruyama
Manager, Internet Technology, Tokyo Research Laboratory

From: Ed Simon <ed.simon@entrust.com>@w3.org on 2000/12/22 04:03

Please respond to Ed Simon <ed.simon@entrust.com>

Sent by:  xml-encryption-request@w3.org

To:   "'xml-encryption@w3.org'" <xml-encryption@w3.org>
Subject:  RE: Encrypting entire documents in XML Proposal?

It is true that well-formed documents require a prologue but it is
also true that the prologue may be empty.  In other words,

<?xml version="1.0" encoding="UTF-16"?>

is well-formed but so is


In both cases, if encrypting the entire XML instance, one
would end up with

<EncryptedData Type="Document"

which is also a well-formed document which has an empty prologue and
is therefore, by default, UTF-8 and version 1.0.

A question which remains to be answered is whether this model
stands the test of various character encodings.  I believe
Hiroshi and Takeshi feel that various character encodings could
cause problems (Hiroshi and Takeshi, please correct me if I
misunderstand).  As for me, I expect that there could be a
problem here, but I don't want to introduce a requirement for
canonicalization unless I see proof of it.

-----Original Message-----
From: Thane Plambeck [mailto:tplambeck@verisign.com]
Sent: Thursday, December 21, 2000 12:57 PM
To: 'xml-encryption@w3.org'
Subject: FW: Encrypting entire documents in XML Proposal?

In section 5.7 of this doc (encrypting an entire XML document)
perhaps the prologue should not be encrypted?  At least we perserve
well-formedness then for entire documents.

I realize that encrypting just the root element and not the prologue
is already covered by the case of encrypting an entire element.
So I guess the question is, should XML Encryption really say anything
about encrypting entire documents, including the prologue?  If it does
then we are left with the consequence of XML Document encryption leaving
us with non-well formed XML, which requires a prologue.


Thane Plambeck
650 429 5247 direct, Mt View Office
650 321 4884 home office
650 323 4928 home office fax

-----Original Message-----
From: Blair Dillaway [mailto:blaird@microsoft.com]
Sent: Friday, December 15, 2000 2:41 PM
To: xml-encryption@w3.org
Cc: Hiroshi Maruyama; Brian LaMacchia; Barb Fox; 'Ed Simon'; 'Takeshi
Imamura'; jimsch@nwlink.com
Subject: Proposal for XML Encryption Syntax and Processing

We respectfully submit the attached specification
as a suggested starting point for the XML Encryption Working
Group effort.  This work builds on earlier papers and
on-going discussions.

We look forward to comments and continuing discussions
to resolve the open issues identified in this document.

Blair Dillaway, Barbara Fox, Takeshi Imamura,
Brian LaMacchia, Hiroshi Maruyama, Jim Schaad,
Ed Simon
Received on Friday, 22 December 2000 08:40:28 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 23:13:01 UTC