- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Tue, 03 Jul 2001 16:55:10 -0400
- To: John Cowan <cowan@mercury.ccil.org>
- Cc: John Cowan <jcowan@reutershealth.com>, imamu@jp.ibm.com, maruyama@jp.ibm.com, xml-encryption@w3.org

At 22:17 7/2/2001, John Cowan wrote:
>I am arguing that the whole verify-decrypt-verify scenario is bad practice:
>it comes about only if people sign encrypted material, *which they should
>never do*. We may need it nonetheless to compensate for pre-existing
>bad practice.

I disagree with this. It's important to get the semantics of what you are doing right, instead of always precluding the signing of encrypted data. (There's lots of content-neutral signing scenarios where applications might sign (with a time stamp semantic) SOAP payloads and such without bothering to decrypt data. In fact, the whole point of this spec is to indicate where you signed the plain text form, and where not!)

I've placed an editors' copy of the spec on the Web to track changes, and it includes my two proposals on this note including a new security section.

[
http://www.w3.org/Encryption/2001/Drafts/xmlenc-decrypt.html#sign-what-you-see
$Revision: 1.2 $ on $Date: 2001/07/03 20:50:23 $
]

--
Joseph Reagle Jr. http://www.w3.org/People/Reagle/
W3C Policy Analyst mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair http://www.w3.org/Signature
W3C XML Encryption Chair http://www.w3.org/Encryption/2001/

Received on Tuesday, 3 July 2001 16:55:19 UTC