W3C home > Mailing lists > Public > xml-encryption@w3.org > January 2001

Integrity check

From: Sanjeev Hirve <shirve@cyberelan.com>
Date: Mon, 8 Jan 2001 15:41:08 -0500
Message-ID: <0de601c079b3$54a350f0$0800010a@cyberelan.com>
To: "xml-enc" <xml-encryption@w3.org>
Cc: "Raju Nadakaduty" <praju@cyberelan.com>, "Marcus A Cuda" <mcuda@cyberelan.com>, "Michael Sakhatsky" <msakhatsky@cyberelan.com>
I would like to propose introducing an optional integrity check in the XML encryption standard.
   an optional attribute or child element in DataReference and KeyReference.  The check can be the SHA-1 digest of the cleartext.
The checksum may be used in the following situation:
- the decrypting party does not have access to only part of the document
- it is considered too expensive to appy PK signatures on individual parts of the doc
- the party that can decrypt the encryption-key, does not have access to the encrypted data.  The party that has access to the encrypted data cannot decrypt the encryption-key.
This can provide a cheap and secure alternative to PK signatures, to protect against intentional tampering of the ciphertext.
Received on Monday, 8 January 2001 15:37:30 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 23:13:01 UTC