- From: Blair Dillaway <blaird@microsoft.com>
- Date: Fri, 20 Apr 2001 15:52:52 -0700
- To: <xml-encryption@w3.org>
> Takeshi: Does this mean the KeyRetrievalMethod element must not occur within the KeyInfo element of an EncryptedKey element?
> http://lists.w3.org/Archives/Public/xml-encryption/2001Apr/0011.html

I believe the textual description for KeyRetrievalMethod should be revised. The existing text was carried over from the 15-Dec-00 proposal for EncryptedKeyReference (which is superseded by KeyRetrievalMethod). In the earlier proposal we only considered the use of an EncryptedKeyReference for locating an EncryptedKey element holding the key to decrypt an EncryptedData's cipher data.

Given that we've made a number of generalizations in the syntax, I believe we should allow a KeyRetrievalMethod within either an EncryptedData or EncryptedKey element. In either case, it is interpreted as providing a reference to an EncryptedKey containing the key material needed to decrypt the containing EncryptedData's or EncryptedKey's cipher data. In the case of an EncryptedKey, it could be used to reference a decryption key when using a symmetric keywrap algorithm.

I do not believe communicating decryption keying material using multiple levels of symmetric keywrapping will be commonplace, but I see no reason to disallow the construct. Disallowing it would introduce additional syntactic restrictions that may complicate implementation. Hence I believe constructs such as those below should be allowed:

```xml
<EncryptedData>
  <KeyInfo>
    <KeyRetrievalMethod URI='someUri'/>
  </KeyInfo>
  <CipherData>encrypteddata</CipherData>
</EncryptedData>
```

or

```xml
<EncryptedKey>
  <KeyInfo>
    <KeyRetrievalMethod URI='someUri'/>
  </KeyInfo>
  <CipherData>encryptedkey</CipherData>
</EncryptedKey>
```

or

```xml
<EncryptedData>
  <KeyInfo>
    <EncryptedKey>
      <KeyInfo>
        <KeyRetrievalMethod URI='someUri'/>
      </KeyInfo>
      <CipherData>encryptedkey</CipherData>
    </EncryptedKey>
  </KeyInfo>
  <CipherData>encrypteddata</CipherData>
</EncryptedData>
```
Received on Friday, 20 April 2001 19:27:06 UTC
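The multi-level resolution the message argues for, as an added illustration that is not part of the message or of any W3C draft: a small Python resolver follows KeyRetrievalMethod references from an EncryptedData through any number of EncryptedKey levels until it reaches a KeyName the recipient holds, and refuses cyclic or dangling chains. It assumes unqualified element names (as in the snippets above), same-document `#Id` references, and a stand-in XOR in place of the real symmetric keywrap algorithm.

```python
import xml.etree.ElementTree as ET

# Constructed sample: two levels of symmetric keywrap, as the message allows.
# EncryptedData d1 -> #k2 -> EncryptedKey k2 -> #k1 -> EncryptedKey k1 -> KeyName
SAMPLE = """<Root>
  <EncryptedKey Id="k1"><KeyInfo><KeyName>kek</KeyName></KeyInfo>
    <CipherData>0b0b0b0b</CipherData></EncryptedKey>
  <EncryptedKey Id="k2"><KeyInfo><KeyRetrievalMethod URI="#k1"/></KeyInfo>
    <CipherData>2c2c2c2c</CipherData></EncryptedKey>
  <EncryptedData Id="d1"><KeyInfo><KeyRetrievalMethod URI="#k2"/></KeyInfo>
    <CipherData>deadbeef</CipherData></EncryptedData>
</Root>"""
# Constructed: a self-referencing EncryptedKey that a naive resolver would loop on.
CYCLE = """<Root><EncryptedKey Id="k3">
  <KeyInfo><KeyRetrievalMethod URI="#k3"/></KeyInfo><CipherData>00</CipherData>
</EncryptedKey></Root>"""
KEY_STORE = {"kek": bytes.fromhex("01010101")}  # constructed: keys the recipient holds

def unwrap(kek, wrapped):
    """Stand-in for the symmetric keywrap step (XOR, not a real algorithm)."""
    return bytes(a ^ b for a, b in zip(kek, wrapped))

def resolve_key(elem, root, key_store, seen=()):
    """Key that decrypts elem's CipherData, following KeyRetrievalMethod chains."""
    key_info = elem.find("KeyInfo")
    name = key_info.find("KeyName")
    if name is not None:                      # chain ends at a key we already hold
        return key_store[name.text]
    uri = key_info.find("KeyRetrievalMethod").get("URI")
    if not uri.startswith("#"):
        raise ValueError("only same-document references are handled")
    target_id = uri[1:]
    if target_id in seen:
        raise ValueError("cycle in KeyRetrievalMethod chain at " + uri)
    target = root.find(f".//EncryptedKey[@Id='{target_id}']")
    if target is None:
        raise ValueError("unresolved reference " + uri)
    # The referenced EncryptedKey's own KeyInfo says how to decrypt it: recurse.
    kek = resolve_key(target, root, key_store, seen + (target_id,))
    return unwrap(kek, bytes.fromhex(target.find("CipherData").text))

def key_for(element_id, xml=SAMPLE, key_store=KEY_STORE):
    """Decryption key for the element with this Id, or None if the chain is broken."""
    root = ET.fromstring(xml)
    try:
        return resolve_key(root.find(f".//*[@Id='{element_id}']"), root, key_store)
    except (ValueError, KeyError):
        return None
```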