Section 3.4: Extensions to ds:KeyInfo Element

I have some problems with the wording of this section. It seems to be
full of "may" type descriptions without any indication of what, if
anything, is mandatory or recommended or optional for
interoperability. It is unclear, in some cases, whether things outside
what this section says "may" be supported are available as options,
etc. 3.4 item 1 subitem 2 seems to restrict RetrievalMethod's that
appear inside a KeyInfo inside an EncryptedData or EncryptedKey to
retrieve only EncryptedKey or KeyName items. What's wrong with
retrieving an X509Data, etc.?

Appended at the end of this message is a proposed replacement of 3.4
and the initial material in it up to the 3.4.1 section heading.

Section 3.4.1 is pretty good.

In section 3.4.2, it seems to me that RetrievalMethod is just a way to
get anything which could appear as a child of KeyInfo (and maybe a bit
more with *raw elements). I don't see the point of claiming that
RetrievalMethod always points to an EncryptedKey.

Thanks,
Donald
=====================================================================
 Donald E. Eastlake 3rd                      dee3@torque.pothole.com
 155 Beaver Street                                +1 508-634-2066(h)
 Milford, MA 01757 USA                            +1 508-261-5434(w)


3.4 Decryption Keying Information

There are three ways that the keying material needed to decrypt
CipherData can be provided:

1. The EncryptedData or EncryptedKey element specifies the associated
keying material via a KeyInfo element child. All of the child elements
of KeyInfo specified in the XMLDSIG can appear. In addition, KeyInfo
is extended to allow two additional child elements: EncryptedKey as
described in Section 3.4.1 and AgreementMethod as described in Section
5.5.

2. A detached (not inside KeyInfo) EncryptedKey element can specify the
EncryptedData or EncryptedKey to which its decrypted key will apply
via a DataReference element as described in Section 3.4.1.

3. The keying material can be determined by the recipient by
application context and thus need not be explicitly mentioned in the
transmitted XML.

Support is required for KeyValue, EncryptedKey, and same document
RetrievalMethod references as children of KeyInfo. Support of
KeyName to refer to an EncryptedKey CarriedKeyName is recommended.
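
As an added illustration (not part of Donald's message or of the XML Encryption draft), the resolver below walks the three mechanisms listed in the proposed 3.4 text over a constructed document and reports which EncryptedKey, if any, applies to a given EncryptedData. It assumes the 2001 xmlenc and xmldsig namespace URIs and that a detached EncryptedKey carries its DataReference children inside a ReferenceList element, which the message above does not spell out.

```python
import xml.etree.ElementTree as ET
XENC = "{http://www.w3.org/2001/04/xmlenc#}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

SAMPLE = """<doc xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <xenc:EncryptedData Id="ed1"><ds:KeyInfo><xenc:EncryptedKey Id="ek-inline"/>
  </ds:KeyInfo></xenc:EncryptedData>
 <xenc:EncryptedData Id="ed2"><ds:KeyInfo><ds:KeyName>session-key</ds:KeyName>
  </ds:KeyInfo></xenc:EncryptedData>
 <xenc:EncryptedData Id="ed3"><ds:KeyInfo><ds:RetrievalMethod URI="#ek-named"/>
  </ds:KeyInfo></xenc:EncryptedData>
 <xenc:EncryptedData Id="ed4"/><xenc:EncryptedData Id="ed5"/>
 <xenc:EncryptedKey Id="ek-named"><xenc:CarriedKeyName>session-key
  </xenc:CarriedKeyName></xenc:EncryptedKey>
 <xenc:EncryptedKey Id="ek-detached"><xenc:ReferenceList>
  <xenc:DataReference URI="#ed4"/></xenc:ReferenceList></xenc:EncryptedKey>
</doc>"""  # constructed sample: structure only, no CipherData or real keys

def by_id(root, ref):
    """Resolve a same-document reference ('#id'); other URI forms return None."""
    if not ref.startswith("#"):
        return None
    return next((e for e in root.iter() if e.get("Id") == ref[1:]), None)

def resolve_keying(xml_text, ed_id):
    """Return (mechanism, EncryptedKey Id) for the EncryptedData with Id ed_id."""
    root = ET.fromstring(xml_text)
    ed = by_id(root, "#" + ed_id)
    keys = list(root.iter(XENC + "EncryptedKey"))
    ki = ed.find(DS + "KeyInfo")
    if ki is not None:
        ek = ki.find(XENC + "EncryptedKey")
        if ek is not None:                      # way 1: EncryptedKey child of KeyInfo
            return "inline", ek.get("Id")
        rm = ki.find(DS + "RetrievalMethod")
        if rm is not None:                      # way 1: same-document RetrievalMethod
            target = by_id(root, rm.get("URI", ""))
            return "retrieval", None if target is None else target.get("Id")
        kn = ki.find(DS + "KeyName")
        if kn is not None:                      # way 1: KeyName -> CarriedKeyName
            for ek in keys:
                ckn = ek.find(XENC + "CarriedKeyName")
                if ckn is not None and (ckn.text or "").strip() == kn.text.strip():
                    return "keyname", ek.get("Id")
    for ek in keys:                             # way 2: detached EncryptedKey
        for dr in ek.iter(XENC + "DataReference"):
            if dr.get("URI") == "#" + ed_id:
                return "detached", ek.get("Id")
    return "context", None                      # way 3: application context
```

A receiver that gets "context" back has no keying hint in the XML and must fall back on out-of-band agreement, which is the case the proposed text leaves entirely to the application.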



Received on Wednesday, 4 July 2001 21:07:47 UTC