RE: Updated Section 4. from Blair Dillaway on 2001-08-23 (xml-encryption@w3.org from August 2001)

From: Blair Dillaway <blaird@microsoft.com>
Date: Thu, 23 Aug 2001 10:13:10 -0700
To: <reagle@w3.org>, "XML Encryption WG" <xml-encryption@w3.org>
Message-ID: <AA19CFCE90F52E4B942B27D42349637902CAC159@red-msg-01.redmond.corp.microsoft.com>

Most of your edits are good.  But, you dropped a few things that I think
should be added back in per the list below.

On the issue of 'replacement' ops being required vs recommended.  I
picked up the recommended tag from an earlier draft.  I'm OK with this
being a MUST.

Section 4.1

Step 2 - You've dropped the information on how an EncryptedKey is
constructed and encoded.  It either needs to be added back in here or
possibly combined with the processing rules in Step 4 since it parallels
the EncryptedData

Step 3.  The Encryptor always treats the data as an octet sequence.  In
sub-step 2 it should say something like "If the data is of any other
type, the application is responsible for defining the encoding into an
octet sequence."  Also, add back in a statement that the Encryptor is
not responsible for validating the input.

Step 5 - When returning the UTF-8 encoded EncryptedData, do we need to
state whether this is returned as a serialized string or  some other
implementation-defined manner?  Given all the requirements to support
UTF-8 serialized representations seems like this should be the default
everyone must support.  If they also want to return DOM nodes or SAX
events seems fine to me, but its value added.

In doing replacement please add back in a statement that changing the
character encoding to that of the target document may be required.  

Section 4.2

Step 3.  Should the ability to pass a decrypted key value to the app be
required or recommended. I suggest required.

Blair

-----Original Message-----
From: Joseph Reagle [mailto:reagle@w3.org] 
Sent: Wednesday, August 22, 2001 2:28 PM
To: Blair Dillaway; XML Encryption WG
Subject: Re: Updated Section 4.

On Tuesday 21 August 2001 12:53, Blair Dillaway wrote:
> Attached is my suggested update to Section 4 of the spec.  Joseph, 
> I've put it in HTML as you requested.  This reflects my earlier 
> proposal and feedback from Ed and Takeshi.  I've also done an 
> editorial pass to clean up the wording in several places.

Thanks Blair, it's now clear it was under-specified before! <smile/>

I've had a go as well. I made a bunch of tweaks but I think most are for
the 
best. (If I missed something, please push back.) Some of the substantive

tweaks/questions I have are:

1. On the replace, do we need to force the encoding of EncryptedData
during 
encryption? (Probably so....)
2. Also, I thought we agreed that the encrypt and replace was REQUIRED
to 
implement but optional to use?

Received on Thursday, 23 August 2001 13:14:28 UTC