Re: 4 Dec 2001 updated Section 5

While that's better, I'm not sure it really captures it... how about:

Note: XML Encryption does not provide any on-line key agreement
negotiation protocol. The key agreement structure defined here merely
specifies (explicitly or implicitly) the keys and computational
procedure that were used. The originator may have obtained the
recipient key from a third party or through some protocol with the
recipient which is beyond the scope of this document. However the two
keys are obtained, they must be sufficiently trustworthy to meet the
security policies in force.

Donald

From:  Joseph Reagle <reagle@w3.org>
Organization:  W3C
To:  Eastlake III Donald-LDE008 <Donald.Eastlake@motorola.com>,
            xml-encryption <xml-encryption@w3.org>
Date:  Wed, 5 Dec 2001 15:15:29 -0500
Cc:  Eastlake III Donald-LDE008 <Donald.Eastlake@motorola.com>,
            Donald E Eastlake 3rd <dee3@torque.pothole.com>
References:  <1DE737930E15D511B64400D0B76FE26201A5BC62@ma07exm01.corp.isg.mot.com>
In-Reply-To:  <1DE737930E15D511B64400D0B76FE26201A5BC62@ma07exm01.corp.isg.mot.com>
Message-Id:  <20011205201529.02F2A107D@policy.w3.org>

>On Wednesday 05 December 2001 14:26, Eastlake III Donald-LDE008 wrote:
>> I guess it really makes no difference if the key agreement is a previous
>> on-line, previous off-line, or contemporaneous off-line key derivation.
>> The point is that there isn't any on-line protocol provided by XML DSIG
>> or ENC so creation of the shared secret is not part of the processing
>> they describe.
>
>Is this then still accurate:
>
>Note: XML Encryption does not provide an on-line key agreement negotiation 
>protocol. The key agreement structure defined here merely provides 
>information that can be used to define the result of such a previous 
>agreement.
>
>
>-- 
>
>Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
>W3C Policy Analyst                mailto:reagle@w3.org
>IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
>W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
>

Received on Wednesday, 5 December 2001 21:16:09 UTC