- From: Joseph Reagle <reagle@w3.org>
- Date: Thu, 6 Dec 2001 11:40:09 -0500
- To: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
- Cc: Eastlake III Donald-LDE008 <Donald.Eastlake@motorola.com>, xml-encryption <xml-encryption@w3.org>
On Wednesday 05 December 2001 21:13, Donald E. Eastlake 3rd wrote: > Note: XML Encryption does not provide any on-line key agreement > negotiation protocol. The key agreement structure defined here merely > specifies (explicitly or implicitly) the keys and computational > procedure that were used. The originator may have obtained the > recipient key from a third party or through some protocol with the > recipient which is beyond the scope of this document. However the two > keys are obtained, they must be sufficiently trustworthy to meet the > security policies in force. Do we need the "(explicitly or implicitly)"? Implic specification is kind of odd, and we later note if something is optional. Trying to keep it tight, how about: Note: XML Encryption does not provide an on-line key agreement negotiation protocol. The AgreementMethod element can be used by the originator to identify the keys and computational procedure that were used, outside the scope of this specification, to obtain the resulting shared key.
Received on Thursday, 6 December 2001 11:40:15 UTC