RE: Latest Rough Draft

Blair,

>>Are you asking that text be added describing all the ways in which a
>>signature KeyInfo element may carry information about an asymmetric
>>encryption key?  This seems redunant to me.  Why isn't the reference to
>>the XML Signature specification sufficient?
>
>That may be sufficient, but I think additional text describing such ways
>may be helpful.  This is because a key used for decryption is different
>from that for verification.  That is, for verification, a user has to
>obtain the public key referenced directly by a KeyInfo element, while, for
>decryption, the user has to obtain the private key corresponding to the
>public key referenced by the element.

Let me correct my comment above.

That may be sufficient, but I think additional text may be helpful.  This
is because the KeyInfo element contains different information, depending on
applications.  That is, in XML Signature, it contains information about a
validation key, while, in XML Encryption, it contains information about an
encryption key used and hence references the corresponding decryption key
indirectly.

Thanks,
Takeshi IMAMURA
Tokyo Research Laboratory
IBM Research
imamu@jp.ibm.com

Received on Thursday, 19 April 2001 02:30:00 UTC