RE: 4 Dec 2001 updated Section 5

Dropping "(explicitly or implicitly)" would certainly be fine. Your wording makes it sound like the agreement computation was outside the scope of the spec when it is inside.  If you want shorter, how about:


Note: XML Encryption does not provide an on-line key agreement negotiation 
protocol. The AgreementMethod element can be used by the originator to 
identify the keys and computational procedure that were used to obtain a shared encryption key. The method used to obtain or select the keys used for the agreement computation is beyond the scope of this specification.


Donald

-----Original Message-----
From: Joseph Reagle [mailto:reagle@w3.org]
Sent: Thursday, December 06, 2001 11:40 AM
To: Donald E. Eastlake 3rd
Cc: Eastlake III Donald-LDE008; xml-encryption
Subject: Re: 4 Dec 2001 updated Section 5


On Wednesday 05 December 2001 21:13, Donald E. Eastlake 3rd wrote:
> Note: XML Encryption does not provide any on-line key agreement
> negotiation protocol. The key agreement structure defined here merely
> specifies (explicitly or implicitly) the keys and computational
> procedure that were used. The originator may have obtained the
> recipient key from a third party or through some protocol with the
> recipient which is beyond the scope of this document. However the two
> keys are obtained, they must be sufficiently trustworthy to meet the
> security policies in force.

Do we need the "(explicitly or implicitly)"? Implicit specification is kind 
of odd, and we later note if something is optional. Trying to keep it tight, 
how about:

Note: XML Encryption does not provide an on-line key agreement negotiation 
protocol. The AgreementMethod element can be used by the originator to 
identify the keys and computational procedure that were used, outside the 
scope of this specification, to obtain the resulting shared key.

Received on Thursday, 6 December 2001 11:48:49 UTC