- From: Ed Simon <ed.simon@entrust.com>
- Date: Wed, 15 Nov 2000 17:07:18 -0500
- To: Public XML Encryption List <xml-encryption@w3.org>
- Message-ID: <A0E1DEC54ED42F4884DD9EEA00ACE37106D027@sottmxs08>

The idea is that XML Encryption should support the encryption of arbitrary data as well as XML elements and attributes. For example,

    <EncryptedDataManifest xmlns="http://www.example.org/xmlenc">
      <EncryptedData Type="video/mpeg" Name="secret.mpg">
        <DecryptionInfo>...</DecryptionInfo>
        <CipherText URI="http://www.example.com/videos/secret.enc"/>
      </EncryptedData>
      <EncryptedData Type="text" Name="secret.txt">
        <DecryptionInfo>...</DecryptionInfo>
        <CipherText>JkE4T6S...</CipherText>
      </EncryptedData>
    </EncryptedDataManifest>

In the above, secret.enc would be an encrypted MPEG video stream, and the <DecryptionInfo> would provide the info necessary for decrypting it.

Now how would this work in SMIL, or indeed any XML where one wants to encrypt linked data such as a GIF used by an XHTML file? I haven't thought about this thoroughly yet, but here's an initial idea.

The plaintext SMIL file:

    <smil>
      ...
      <video src="secret.mpg"/>
      ...
    </smil>

And here's the SMIL file after the MPEG has been encrypted and stored in "secret.enc" (and secret.mpg deleted):

    <smil>
      ...
      <video src="secret.mpg"
             enc:EncryptedDataManifest="./EncryptedDataManifest"
             xmlns:enc="http://www.example.org/xmlenc">
        <EncryptedDataManifest xmlns="http://www.example.org/xmlenc">
          <EncryptedData Type="video/mpeg" Name="secret.mpg">
            <DecryptionInfo>...</DecryptionInfo>
            <CipherText URI="http://www.example.com/videos/secret.enc"/>
          </EncryptedData>
        </EncryptedDataManifest>
      </video>
      ...
    </smil>

When a SMIL app is processing the <video> element, it detects that there is an EncryptedDataManifest attribute pointing to data that needs to be decrypted. Upon decrypting the contents of the manifest, it processes the <video> element in the normal way. In the case of streaming, the application may decrypt a block, stream it, decrypt the next block, stream that, and so on.

(A general application-level processing rule for XML Encryption is that upon detection of encrypted data, that data be decrypted, if possible, before the application does any further processing.)

To be honest, I need to learn more about SMIL and streaming technology myself but hopefully I've expressed the scenario adequately here.

Regards, Ed

-----Original Message-----
From: Joseph M. Reagle Jr. [mailto:reagle@w3.org]
Sent: Wednesday, November 15, 2000 4:09 PM
To: Ed Simon
Cc: Public XML Encryption List
Subject: RE: Algorithm Selections

At 15:40 11/15/2000 -0500, Ed Simon wrote:
>If XML Encryption is to be used for streaming media, as discussed in my
>presentation at the workshop, then we will also need streaming ciphers.

Ed, at the workshop you mentioned things like SMIL which I'm somewhat unfamiliar with. I don't believe the SMIL instance is streamed; instead it's a discrete object that includes meta-data (synchronization) and references/invocations of streams [1]. Could you provide an example/scenario of how one would use XML Encryption with streaming ciphers?

[1] http://www.w3.org/TR/2000/WD-smil20-20000921/extended-media-object.html#edef-ref

__
Joseph Reagle Jr.
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/People/Reagle/

Received on Wednesday, 15 November 2000 17:08:12 UTC
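
The detection step described in the message, sketched as an added example (not code from the original post or from any XML Encryption implementation). It assumes the proposal's example namespace and element names, reads the attribute value "./EncryptedDataManifest" as selecting a child element, and adds a hypothetical Name-versus-src check; decryption itself is left out because <DecryptionInfo> is elided in the message.

```python
import xml.etree.ElementTree as ET

ENC_NS = "http://www.example.org/xmlenc"  # example namespace used in the message
MANIFEST_ATTR = f"{{{ENC_NS}}}EncryptedDataManifest"

# Constructed sample: the message's SMIL, plus one plain <audio> element for contrast.
SAMPLE_SMIL = """<smil>
  <video src="secret.mpg"
         enc:EncryptedDataManifest="./EncryptedDataManifest"
         xmlns:enc="http://www.example.org/xmlenc">
    <EncryptedDataManifest xmlns="http://www.example.org/xmlenc">
      <EncryptedData Type="video/mpeg" Name="secret.mpg">
        <DecryptionInfo>...</DecryptionInfo>
        <CipherText URI="http://www.example.com/videos/secret.enc"/>
      </EncryptedData>
    </EncryptedDataManifest>
  </video>
  <audio src="intro.mp3"/>
</smil>"""

def find_encrypted_media(smil_text):
    """List the encrypted data each element depends on, before any further processing."""
    found = []
    for elem in ET.fromstring(smil_text).iter():
        path = elem.get(MANIFEST_ATTR)
        if path is None:
            continue  # no manifest attribute: ordinary media reference
        # Assumption: "./Name" selects the child element Name in the enc namespace.
        child = path[2:] if path.startswith("./") else path
        manifest = elem.find(f"{{{ENC_NS}}}{child}")
        if manifest is None:
            # Fail closed: never fall back to treating src as plaintext.
            raise ValueError(f"manifest {path!r} missing under <{elem.tag}>")
        for data in manifest.findall(f"{{{ENC_NS}}}EncryptedData"):
            cipher = data.find(f"{{{ENC_NS}}}CipherText")
            if cipher is None:
                raise ValueError("EncryptedData has no CipherText")
            uri = cipher.get("URI")
            found.append({
                "element": elem.tag,
                "name": data.get("Name"),
                "type": data.get("Type"),
                "uri": uri,  # external ciphertext (e.g. a stream to decrypt block by block)
                "inline": None if uri else (cipher.text or "").strip(),
                # Assumed check: the manifest entry names the resource that src refers to.
                "matches_src": data.get("Name") == elem.get("src"),
            })
    return found
```

An element with the attribute but no resolvable manifest raises an error, so the application cannot go on to process the src as if it were plaintext.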