Re: Decryption Transform

At 22:17 7/2/2001, John Cowan wrote:
>I am arguing that the whole verify-decrypt-verify scenario is bad practice:
>it comes about only if people sign encrypted material, *which they should
>never do*.  We may need it nonetheless to compensate for pre-existing
>bad practice.

I disagree with this. It's important to get the semantics of what you are
doing right, instead of always precluding the signing of encrypted data.
(There are lots of content-neutral signing scenarios where applications might
sign (with a time stamp semantic) SOAP payloads and such without bothering
to decrypt data. In fact, the whole point of this spec is to indicate where
you signed the plain text form, and where not!)

I've placed an editors' copy of the spec on the Web to track changes, and it
includes my two proposals on this note, including a new security section.

[
http://www.w3.org/Encryption/2001/Drafts/xmlenc-decrypt.html#sign-what-you-see
$Revision: 1.2 $ on $Date: 2001/07/03 20:50:23 $
]

--
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
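The distinction Reagle draws (signature over the plain text versus a content-neutral signature over ciphertext) is what the decryption transform's Except list expresses. The following is an added illustration, not code from the thread or from the W3C draft: a deliberately simplified model in which a dictionary stands in for an XML document, an HMAC stands in for the XML Signature, and a constructed XOR keystream stands in for XML Encryption's cipher. Key values and the sample document are constructed.

```python
"""Toy model of the decryption transform (xmlenc-decrypt); constructed example, not XML."""
import hashlib, hmac, json

SIGN_KEY = b"constructed-signing-key"      # constructed sample key
ENC_KEY = b"constructed-encryption-key"    # constructed sample key


def toy_cipher(data: bytes, key: bytes) -> bytes:
    """XOR with a SHA-256 keystream: a stand-in for XML Encryption's block cipher.
    Symmetric, so the same call encrypts and decrypts. Not a real cipher."""
    stream = hashlib.sha256(key).digest()
    return bytes(b ^ stream[i % 32] for i, b in enumerate(data))


def sign(doc: dict, key: bytes) -> str:
    """HMAC over a canonical serialisation (stands in for C14N plus SignatureMethod)."""
    return hmac.new(key, json.dumps(doc, sort_keys=True).encode(), "sha256").hexdigest()


def encrypt_element(doc: dict, name: str, key: bytes) -> dict:
    """Replace one element with an EncryptedData structure."""
    out = dict(doc)
    out[name] = {"EncryptedData": toy_cipher(doc[name].encode(), key).hex()}
    return out


def decryption_transform(doc: dict, key: bytes, excepts=()) -> dict:
    """Decrypt every EncryptedData the verifier can, except those the signer
    listed (Except) as already encrypted when the signature was computed."""
    out = dict(doc)
    for name, value in doc.items():
        if isinstance(value, dict) and "EncryptedData" in value and name not in excepts:
            out[name] = toy_cipher(bytes.fromhex(value["EncryptedData"]), key).decode()
    return out


def verify(doc, sig, sign_key, enc_key, excepts=()):
    return hmac.compare_digest(sign(decryption_transform(doc, enc_key, excepts), sign_key), sig)


def sign_then_encrypt():
    """Signer saw plain text; body encrypted afterwards. Returns (naive check, with transform)."""
    doc = {"header": "ts=2001-07-03", "body": "invoice total 100"}
    sig = sign(doc, SIGN_KEY)
    enc = encrypt_element(doc, "body", ENC_KEY)
    return hmac.compare_digest(sign(enc, SIGN_KEY), sig), verify(enc, sig, SIGN_KEY, ENC_KEY)


def sign_ciphertext():
    """Content-neutral signature over an already-encrypted body, listed in Except.
    Returns (verify honouring Except, verify that wrongly decrypts first)."""
    enc = encrypt_element({"header": "ts=2001-07-03", "body": "invoice total 100"}, "body", ENC_KEY)
    sig = sign(enc, SIGN_KEY)
    return verify(enc, sig, SIGN_KEY, ENC_KEY, excepts=("body",)), verify(enc, sig, SIGN_KEY, ENC_KEY)
```

Without the transform the first scenario fails (the digest no longer matches), and without the Except entry the second one fails, which is exactly the ambiguity the draft's "sign what you see" section is meant to remove.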

Received on Tuesday, 3 July 2001 16:55:19 UTC