- From: <aaron.j.ferguson@us.pwcglobal.com>
- Date: Mon, 06 Nov 2000 08:55:45 -0500
- To: xml-encryption@w3.org
Folks: Even being a "newbie" at our most recent XML Encryption workshop, I felt a lot of progress was made. However, I still maintain that if we are going to at least acknowledge performance and efficiency, e.g., XPATH, with regard to encryption, if you agree that encryption implementation is a superset of performance and efficiency, we can not ignore implementation. I do not mean that we should specify implementation requirements for any algorithm used, I am merely stating that we must focus, or at least formally acknowledge, Huck and Priewe's Requirement R1.8, i.e. "discuss design issues, limitations, possible security leaks and pitfalls, as well as relationship to other security related XML activities, or other security architectures need to be discussed." Hackers do not attack crypto, they attack implementation! -Aaron Regards, Aaron J. Ferguson, Ph.D. PricewaterhouseCoopers LLP 1306 Concourse Drive, Suite 100 Linthicum, MD 21090 Voice: 410.412.7993 Fax: 410.412.7997 Email: aaron.j.ferguson@us.pwcglobal.com ABAS/TRS -- Balancing the need to connect with the need to protect ---------------------------------------------------------------- The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer.
Received on Monday, 6 November 2000 08:57:56 UTC