W3C home > Mailing lists > Public > xml-encryption@w3.org > August 2001

Re: Newer Nonce Proposal

From: Rich Salz <rsalz@zolera.com>
Date: Fri, 03 Aug 2001 00:11:13 -0400
Message-ID: <3B6A2461.E2C8D5E9@zolera.com>
To: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
CC: xml-encryption@w3.org
> Maybe I've missed something, but I think my proposal is about the best
> we can do with XML. About the only alternative is to add an attribute
> or parameter to EncryptionMethod which is how many bits to throw away
> from the front of the "plain text" to get the real plain text. I.E.,
> prefix the data octets with a nonce.

Then I think we'll have to go that way.  Or place a bet that the SOAP
1.1 spec will remove the PI prohibition.  Or say XML-ENC can't be used
to encrypt SOAP messages.

An attribute/param seems the safest.

Zolera Systems, Securing web services (XML, SOAP, Signatures,
Received on Friday, 3 August 2001 00:10:00 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 23:13:04 UTC