RE: Latest Rough Draft

Takeshi,

I must also admit I don't understand what it is you wish to change in
the draft.  I do understand that if one has encrypted information using
an asymmetric key, then one can provide information about the private
decryption key using a KeyInfo element containing an X509Data element
holding a certificate with the public key.  But one could also provide
this information using other elements defined for Signature KeyInfo such
as KeyName, KeyValue, SPKIData, or PGPData.

Are you asking that text be added describing all the ways in which a
signature KeyInfo element may carry information about an asymmetric
encryption key?  This seems redundant to me.  Why isn't the reference to
the XML Signature specification sufficient?

Blair



-----Original Message-----
From: Takeshi Imamura [mailto:IMAMU@jp.ibm.com]
Sent: Tuesday, April 17, 2001 8:51 PM
To: Joseph M. Reagle Jr.
Cc: XML Encryption WG 
Subject: Re: Latest Rough Draft

Joseph,

>>3.4 Extensions to enc:KeyInfo Element
>>
>> >1. The EncryptedData or EncryptedKey element specifies the associated key
>> material:
>>The key value may be indicated by specifying the X509Data element for the
>>corresponding public key.
>
>I don't understand.

Suppose Alice is delivering key material to Bob using key transport.  If
Alice uses Bob's public key in his X.509 certificate, an X509Data element
for the certificate may be used for referencing the corresponding private
key.  So an EncryptedData element would be:

<EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#'>
  <EncryptionMethod Algorithm='urn:nist-gov:aes-128-cbc'/>
  <KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'>
    <EncryptedKey xmlns='http://www.w3.org/2001/04/xmlenc#'>
      <EncryptionMethod Algorithm='urn:rsadsi-com:rsa-v2.0'/>
      <KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'>
        <X509Data>
          <X509SubjectName>CN=Bob,C=US</X509SubjectName>
        </X509Data>
      </KeyInfo>
      <CipherData>(encrypted key material)</CipherData>
    </EncryptedKey>
  </KeyInfo>
  <CipherData>(encrypted data)</CipherData>
</EncryptedData>

Thanks,
Takeshi IMAMURA
Tokyo Research Laboratory
IBM Research
imamu@jp.ibm.com

Received on Wednesday, 18 April 2001 12:02:36 UTC
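As an added example, not code from this thread or from the XML Encryption WG: the recipient-side step the two messages are discussing, a Python resolver that walks the EncryptedData structure Takeshi posted, reads the identifier carried by the inner KeyInfo of the EncryptedKey, and selects the matching private key from a local key store before any unwrapping happens. It accepts X509Data/X509SubjectName as in Takeshi's example and, going beyond that one case, also KeyName, one of the alternative KeyInfo children Blair lists. The key store, the key labels, the KeyName value and the constructed sample document are assumptions; the RSA key unwrap and AES decryption themselves are not performed.

```python
import re
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"xenc": XENC, "ds": DS}

# Constructed sample: the structure from the thread, with quotes normalised.
SAMPLE_ENCRYPTED_DATA = """<EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#'>
  <EncryptionMethod Algorithm='urn:nist-gov:aes-128-cbc'/>
  <KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'>
    <EncryptedKey xmlns='http://www.w3.org/2001/04/xmlenc#'>
      <EncryptionMethod Algorithm='urn:rsadsi-com:rsa-v2.0'/>
      <KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'>
        <X509Data>
          <X509SubjectName>CN=Bob,C=US</X509SubjectName>
        </X509Data>
      </KeyInfo>
      <CipherData>(encrypted key material)</CipherData>
    </EncryptedKey>
  </KeyInfo>
  <CipherData>(encrypted data)</CipherData>
</EncryptedData>"""

# Constructed variant: same document, but the sender named Bob's key with
# a ds:KeyName instead of an X509 subject name (hypothetical key name).
SAMPLE_WITH_KEYNAME = re.sub(
    r"<X509Data>.*?</X509Data>", "<KeyName>bob-key-2001</KeyName>",
    SAMPLE_ENCRYPTED_DATA, flags=re.S)

# Constructed key store on Bob's side: his private keys indexed by every
# identifier a sender might use for them in KeyInfo (labels are assumptions).
BOB_KEYSTORE = {
    ("X509SubjectName", "CN=Bob,C=US"): "bob-rsa-key-1",
    ("KeyName", "bob-key-2001"): "bob-rsa-key-1",
}


def key_identifiers(keyinfo):
    """Yield (kind, value) pairs for the key identifiers a ds:KeyInfo carries."""
    for el in keyinfo.findall("ds:X509Data/ds:X509SubjectName", NS):
        yield ("X509SubjectName", (el.text or "").strip())
    for el in keyinfo.findall("ds:KeyName", NS):
        yield ("KeyName", (el.text or "").strip())


def select_decryption_key(xml_text, keystore):
    """Locate the EncryptedKey inside an EncryptedData and pick the private
    key its KeyInfo refers to.  Returns the chosen key plus both algorithm
    URIs; raises if the document is not key transport or no key matches."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EncryptedData" % XENC:
        raise ValueError("root element is not xenc:EncryptedData")
    data_alg = root.find("xenc:EncryptionMethod", NS).get("Algorithm")

    enc_key = root.find("ds:KeyInfo/xenc:EncryptedKey", NS)
    if enc_key is None:
        raise ValueError("no EncryptedKey inside KeyInfo: not key transport")
    wrap_alg = enc_key.find("xenc:EncryptionMethod", NS).get("Algorithm")

    inner = enc_key.find("ds:KeyInfo", NS)
    if inner is None:
        raise ValueError("EncryptedKey carries no KeyInfo to identify the key")

    # First identifier that resolves in the local store wins.
    candidates = list(key_identifiers(inner))
    for ident in candidates:
        if ident in keystore:
            return {
                "private_key": keystore[ident],
                "matched_by": ident[0],
                "key_wrap_algorithm": wrap_alg,
                "data_algorithm": data_alg,
            }
    raise LookupError("no private key for identifiers %r" % candidates)


if __name__ == "__main__":
    print(select_decryption_key(SAMPLE_ENCRYPTED_DATA, BOB_KEYSTORE))
    print(select_decryption_key(SAMPLE_WITH_KEYNAME, BOB_KEYSTORE))
```

The resolver only ever consults the recipient's own key store, so whatever identifier the sender placed in KeyInfo can select a key Bob already holds but cannot introduce one; a document naming a subject or key name Bob does not have fails with LookupError before any ciphertext is touched.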