- From: Sanjeev Hirve <shirve@cyberelan.com>
- Date: Tue, 2 Jan 2001 11:13:06 -0500
- To: "xml-enc" <xml-encryption@w3.org>
- Cc: "Joseph M. Reagle Jr." <reagle@w3.org>
Received on Tuesday, 2 January 2001 11:09:00 UTC
With ref to the proposal "XML encryption syntax and processing" v 1.0, dated 2000/12/15, by Dillaway et al, I have the following question.

Section 2.5 states that "..it is not valid to nest these objects, i.e., an Encrypted Data may not be a child of an Encrypted Data." I don't understand the reason behind this constraint.

Consider the case where a document is encrypted for multiple recipients. It is a reasonable requirement that recipient A is authorized to access an element X and all its descendants, while recipient B is authorized to access the same element X less some of its descendants, say element Y. A simple way to solve this is to first encrypt element Y with key K1, then encrypt element X with key K2. A has access to K1 and K2 and must decrypt elem X and then Y.

I think the following memo: http://lists.w3.org/Archives/Public/xml-encryption/2000Oct/att-0011/01-myproof-xml-encryption-position.html also refers to the same issue.

regards
SSH
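The layering described in the message above (Y under K1, then X under K2), as an added example that is not part of the original post or of the proposal it discusses. Assumptions: the `EncryptedData` element with a `KeyName` attribute is a simplified stand-in for the proposal's syntax, the cipher is an HMAC-SHA256 keystream used only to keep the example self-contained, and recipient B is taken to hold K2 only.

```python
import base64, hashlib, hmac, os
import xml.etree.ElementTree as ET

def _xor_stream(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 keystream, no integrity); not the proposal's algorithm.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def encrypt_element(parent, target, key_name, key):
    """Replace `target`, a child of `parent`, with an EncryptedData element."""
    tail, target.tail = target.tail, None  # keep trailing text outside the ciphertext
    nonce = os.urandom(16)
    enc = ET.Element("EncryptedData", {"KeyName": key_name})  # assumed, simplified syntax
    enc.text = base64.b64encode(nonce + _xor_stream(key, nonce, ET.tostring(target))).decode()
    enc.tail = tail
    parent[list(parent).index(target)] = enc

def decrypt_all(root, keys):
    """Open every EncryptedData the key ring allows, repeating to reach nested ones."""
    changed = True
    while changed:
        changed = False
        for parent in list(root.iter()):
            for i, child in enumerate(list(parent)):
                name = child.get("KeyName")
                if child.tag != "EncryptedData" or name not in keys:
                    continue
                raw = base64.b64decode(child.text)
                new = ET.fromstring(_xor_stream(keys[name], raw[:16], raw[16:]))
                new.tail = child.tail
                parent[i] = new
                changed = True
    return root

def demo():
    # Constructed sample document; K1 and K2 are random keys made up for this run.
    doc = ET.fromstring("<Doc><X><Title>report</Title><Y>salary</Y></X></Doc>")
    k1, k2 = os.urandom(32), os.urandom(32)
    x = doc.find("X")
    encrypt_element(x, x.find("Y"), "K1", k1)  # inner layer: Y under K1
    encrypt_element(doc, x, "K2", k2)          # outer layer: X, with Y already opaque
    wire = ET.tostring(doc)
    view = lambda ring: ET.tostring(decrypt_all(ET.fromstring(wire), ring))
    return wire, view({"K1": k1, "K2": k2}), view({"K2": k2})
```

`demo()` returns the transmitted document, recipient A's view and recipient B's view; B's view still carries the inner `EncryptedData` in place of Y.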