- From: Blair Dillaway <blaird@microsoft.com>
- Date: Thu, 19 Apr 2001 08:36:32 -0700
- To: "Takeshi Imamura" <IMAMU@jp.ibm.com>
- Cc: "Joseph M. Reagle Jr." <reagle@w3.org>, "XML Encryption WG " <xml-encryption@w3.org>
I support inclusion of clarifying text such as you describe below. Perhaps you can supply a paragraph for inclusion in the draft. Blair -----Original Message----- From: Takeshi Imamura [mailto:IMAMU@jp.ibm.com] Sent: Wednesday, April 18, 2001 11:30 PM To: Blair Dillaway Cc: Joseph M. Reagle Jr.; XML Encryption WG Subject: RE: Latest Rough Draft Blair, >>Are you asking that text be added describing all the ways in which a >>signature KeyInfo element may carry information about an asymmetric >>encryption key? This seems redunant to me. Why isn't the reference to >>the XML Signature specification sufficient? > >That may be sufficient, but I think additional text describing such ways >may be helpful. This is because a key used for decryption is different >from that for verification. That is, for verification, a user has to >obtain the public key referenced directly by a KeyInfo element, while, for >decryption, the user has to obtain the private key corresponding to the >public key referenced by the element. Let me correct my comment above. That may be sufficient, but I think additional text may be helpful. This is because the KeyInfo element contains different information, depending on applications. That is, in XML Signature, it contains information about a validation key, while, in XML Encryption, it contains information about an encryption key used and hence references the corresponding decryption key indirectly. Thanks, Takeshi IMAMURA Tokyo Research Laboratory IBM Research imamu@jp.ibm.com
Received on Tuesday, 24 April 2001 00:12:23 UTC