RE: Exactly how complex is Attribute Encryption

Ed,

I've been thinking about this proposal [1] but had some questions first.

[1] http://lists.w3.org/Archives/Public/xml-encryption/2001Jan/0106.html

You seem to be relying upon the Name to indicate what has changed. However, 
in one instance the value of Name corresponds to the original attribute 
value (secret.mpg), and the other to the attribute itself (alt). The first 
could be ambiguous because attribute values are not necessarily unique 
within an element. (There could be two attributes with the value of 
"secret.mpg"). Also, I don't understand the relationship between secret.mpg 
and secret.enc, are you encrypting the value, or the referent of the value 
when it's a uriReference type? I'm not sure how you would do the latter and 
I'd recommend just focusing on encrypting the . (Also, there may be some 
empty elements of the form <video/> which you will be forcing into a pair 
element with content <video>...</video>, but we're changing the content 
model in other ways, so this isn't a biggie.)

The way I could understand it better would be to simply replace the attr 
value. So in the following instance, if I want to encrypt the external 
resource *and* the attribute value of the alt:

<video src="secret.mpg" alt="Alien spaceship in hangar at Area 51."/>

I would alter it to:

   <video src="secret.xml" alt="#enc1">
    <EncryptedDataManifest>
      <EncryptedData ID="enc1" Type="AttributeValue">
        <CipherText>AbCd...WxYz</CipherText>
      </EncryptedData>
    </EncryptedDataManifest>
   </video>

and there's a separate resource called secret.xml that looks like:

    <EncryptedData Type="video/mpeg" Name="secret.mpg">
       <CipherText>...</CipherText>
    </EncryptedData>



__
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Received on Thursday, 22 February 2001 16:03:41 UTC
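
The attribute-value replacement sketched in the message above, as an added example that is not part of the original message or of any XML Encryption draft: each protected attribute is replaced by a `#ID` reference into a child `EncryptedDataManifest`, so lookup stays unambiguous even when two attributes carry the same value. The function names, the `poster` attribute and the base64 stand-in for the cipher are assumptions made for illustration.

```python
import base64
import xml.etree.ElementTree as ET

def encrypt_attribute(elem, attr, encrypt, enc_id):
    """Move one attribute value into the manifest and leave '#enc_id' in its place."""
    if attr not in elem.attrib:
        raise KeyError(attr)
    manifest = elem.find("EncryptedDataManifest")
    if manifest is None:
        manifest = ET.SubElement(elem, "EncryptedDataManifest")
    if any(e.get("ID") == enc_id for e in manifest):  # IDs must be unique in this manifest
        raise ValueError("duplicate ID " + enc_id)
    data = ET.SubElement(manifest, "EncryptedData", ID=enc_id, Type="AttributeValue")
    ET.SubElement(data, "CipherText").text = encrypt(elem.get(attr))
    elem.set(attr, "#" + enc_id)

def decrypt_attributes(elem, decrypt):
    """Restore every attribute whose value is '#ID' of an EncryptedData in the manifest."""
    manifest = elem.find("EncryptedDataManifest")
    if manifest is None:
        return
    by_id = {e.get("ID"): e for e in manifest.findall("EncryptedData")
             if e.get("Type") == "AttributeValue"}
    for name, value in list(elem.attrib.items()):
        # Resolve by reference, never by matching the original value or attribute name.
        if value.startswith("#") and value[1:] in by_id:
            elem.set(name, decrypt(by_id[value[1:]].findtext("CipherText")))
    elem.remove(manifest)

# Assumption: stand-in transforms only. base64 is an encoding, NOT encryption;
# pass a real authenticated cipher's encrypt/decrypt callables in practice.
def placeholder_encrypt(text):
    return base64.b64encode(text.encode()).decode()

def placeholder_decrypt(text):
    return base64.b64decode(text).decode()

def demo():
    # Constructed input: src and the hypothetical poster attribute share one value.
    elem = ET.fromstring('<video src="secret.mpg" poster="secret.mpg" '
                         'alt="Alien spaceship in hangar at Area 51."/>')
    encrypt_attribute(elem, "alt", placeholder_encrypt, "enc1")
    encrypt_attribute(elem, "poster", placeholder_encrypt, "enc2")
    protected = ET.tostring(elem, encoding="unicode")
    decrypt_attributes(elem, placeholder_decrypt)
    return protected, dict(elem.attrib)

if __name__ == "__main__":
    print(demo()[0])
```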