- From: Hiroshi Maruyama <MARUYAMA@jp.ibm.com>
- Date: Wed, 4 Jul 2001 09:05:45 +0900
- To: John Cowan <cowan@mercury.ccil.org>
- Cc: "Scherling, Mark" <mscherling@rsasecurity.com>, "'Joe Meadows'" <joe.meadows@boeing.com>, "Joseph M. Reagle Jr." <reagle@w3.org>, John Cowan <cowan@mercury.ccil.org>, John Cowan <jcowan@reutershealth.com>, "Takeshi Imamura" <IMAMU@jp.ibm.com>, xml-encryption@w3.org
John, > But what we are talking about here is *partly* encrypted documents. Why > should one want to sign the whole of such a thing, when it is just as easy > to sign only the part one can read? Because sometimes it is required to cryptographically bind an encrypted data with plaintext data. A good example is SET, where a consumer signs an purchase order consisting of (1) a list of ordered items in plaintext and (2) an encrypted creditcard number. The recipient of the order, an Internet shop, does not need to know the creditcard number as long as they can validate it by sending the encrypted data to a creditcard company. However, the shop MUST verify the signature without decrypting the creditcard number. -- Hiroshi Maruyama Manager, Internet Technology, Tokyo Research Laboratory +81-46-215-4576 maruyama@jp.ibm.com
Received on Tuesday, 3 July 2001 20:05:58 UTC