Encryption Standards

Folks:

Even being a "newbie" at our most recent XML Encryption workshop, I felt a lot
of progress was made. However, I still maintain that if we are going to at least
acknowledge performance and efficiency, e.g., XPATH, with regard to encryption,
if you agree that encryption implementation is a superset of performance and
efficiency, we cannot ignore implementation.

I do not mean that we should specify implementation requirements for any
algorithm used; I am merely stating that we must focus on, or at least formally
acknowledge, Huck and Priewe's Requirement R1.8, i.e. "discuss design issues,
limitations, possible security leaks and pitfalls, as well as relationship to
other security related XML activities, or other security architectures need to
be discussed."

Hackers do not attack crypto, they attack implementation!

-Aaron


Regards,

Aaron J. Ferguson, Ph.D.
PricewaterhouseCoopers LLP
1306 Concourse Drive, Suite 100
Linthicum, MD 21090
Voice: 410.412.7993
Fax: 410.412.7997
Email: aaron.j.ferguson@us.pwcglobal.com

ABAS/TRS -- Balancing the need to connect with the need to protect

Received on Monday, 6 November 2000 08:57:56 UTC