- From: Takeshi Imamura <IMAMU@jp.ibm.com>
- Date: Thu, 19 Apr 2001 15:29:45 +0900
- To: "Blair Dillaway" <blaird@microsoft.com>
- Cc: "Joseph M. Reagle Jr." <reagle@w3.org>, "XML Encryption WG " <xml-encryption@w3.org>
Blair, >>Are you asking that text be added describing all the ways in which a >>signature KeyInfo element may carry information about an asymmetric >>encryption key? This seems redunant to me. Why isn't the reference to >>the XML Signature specification sufficient? > >That may be sufficient, but I think additional text describing such ways >may be helpful. This is because a key used for decryption is different >from that for verification. That is, for verification, a user has to >obtain the public key referenced directly by a KeyInfo element, while, for >decryption, the user has to obtain the private key corresponding to the >public key referenced by the element. Let me correct my comment above. That may be sufficient, but I think additional text may be helpful. This is because the KeyInfo element contains different information, depending on applications. That is, in XML Signature, it contains information about a validation key, while, in XML Encryption, it contains information about an encryption key used and hence references the corresponding decryption key indirectly. Thanks, Takeshi IMAMURA Tokyo Research Laboratory IBM Research imamu@jp.ibm.com
Received on Thursday, 19 April 2001 02:30:00 UTC