- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Thu, 05 Jul 2001 18:38:32 -0400
- To: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
- Cc: xml-encryption@w3.org
[ Resulting Document: http://www.w3.org/Encryption/2001/Drafts/xmlenc-core/
$Revision: 1.24 $ on $Date: 2001/07/05 22:37:39 $ ]

At 21:06 7/4/2001, Donald E. Eastlake 3rd wrote:
>I have some problems with the wording of this section. It seems to be
>full of "may" type descriptions without any indication of what, if
>anything, is mandatory or recommended or optional for
>interoperability.

Good point. This section is supposed to demonstrate the ways in which a key may be found, but we don't specify which of the features MUST be supported. (This is independent from the actual keys and algorithms supported.) One option is to say REQUIRED to the obvious "find the key in the KeyInfo", and ds:RetrievalMethod should be RECOMMENDED or REQUIRED. What do others think? But barring objection, I'll move forward with your proposed text (with a few editorial tweaks).

> It is unclear, in some cases, whether things outside
>what this section says "may" be supported are available as options,
>etc. 3.4 item 1 subitem 2 seems to restrict RetrievalMethod's that
>appear inside a KeyInfo inside an EncryptedData or EncryptedKey to
>retrieve only EncryptedKey or KeyName items. What's wrong with
>retrieving an X509Data, etc.?

I added "For example" to demonstrate that's one option among many.

>In section 3.4.2, it seems to me that RetrievalMethod is just a way to
>get anything which could appear as a child of KeyInfo (and maybe a bit
>more with *raw elements). I don't see the point of claiming that
>RetrievalMethod always points to an EncryptedKey.

Oops, that text is a stupid left-over from my last minute edit to move KeyRetrievalMethod to ds:RetrievalMethod. Now reads:

    The ds:RetrievalMethod [XMLDSIG] with a Type of
    'http://www.w3.org/2001/04/xmlenc#EncryptedKey' provides a way to
    express a link to an EncryptedKey element containing the key needed
    to decrypt the CipherData associated with an EncryptedData or
    EncryptedKey element.

--
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
Received on Thursday, 5 July 2001 18:38:52 UTC
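
The ds:RetrievalMethod link to an EncryptedKey described in the message above, sketched as an added example that is not part of the original message or of the XML Encryption draft. The function name `resolve_encrypted_key`, the sample document with its Ids, and the same-document-only policy are assumptions made for illustration; the namespaces and the Type URI are the published ones.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"
EK_TYPE = XENC + "EncryptedKey"  # the Type value quoted in the message

# Constructed sample: ed1 links to a real EncryptedKey, ed2 to an external
# URI, ed3 claims Type EncryptedKey but points at an EncryptedData.
SAMPLE = f"""<doc xmlns:xenc="{XENC}" xmlns:ds="{DS}">
  <xenc:EncryptedData Id="ed1"><ds:KeyInfo>
    <ds:RetrievalMethod URI="#ek1" Type="{EK_TYPE}"/></ds:KeyInfo>
    <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
  <xenc:EncryptedKey Id="ek1">
    <ds:KeyInfo><ds:KeyName>constructed-key-name</ds:KeyName></ds:KeyInfo>
    <xenc:CipherData><xenc:CipherValue>BBBB</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedKey>
  <xenc:EncryptedData Id="ed2"><ds:KeyInfo>
    <ds:RetrievalMethod URI="http://example.invalid/k.xml" Type="{EK_TYPE}"/>
  </ds:KeyInfo></xenc:EncryptedData>
  <xenc:EncryptedData Id="ed3"><ds:KeyInfo>
    <ds:RetrievalMethod URI="#ed1" Type="{EK_TYPE}"/>
  </ds:KeyInfo></xenc:EncryptedData>
</doc>"""


def resolve_encrypted_key(root, encrypted_id):
    """Follow ds:RetrievalMethod from the element with this Id to its EncryptedKey."""
    owner = next(e for e in root.iter() if e.get("Id") == encrypted_id)
    rm = owner.find(f"{{{DS}}}KeyInfo/{{{DS}}}RetrievalMethod")
    if rm is None or rm.get("Type") != EK_TYPE:
        raise LookupError("no RetrievalMethod of Type EncryptedKey")
    uri = rm.get("URI", "")
    # Assumed policy: same-document references only, so untrusted input
    # can never make the processor fetch a network or file URI.
    if len(uri) < 2 or not uri.startswith("#"):
        raise ValueError(f"refusing non-fragment URI {uri!r}")
    hits = [e for e in root.iter() if e.get("Id") == uri[1:]]
    if len(hits) != 1:
        raise ValueError(f"Id {uri[1:]!r} matched {len(hits)} elements")
    # Type is only the sender's claim; verify what was actually retrieved.
    if hits[0].tag != f"{{{XENC}}}EncryptedKey":
        raise ValueError(f"target is {hits[0].tag}, not xenc:EncryptedKey")
    return hits[0]


if __name__ == "__main__":
    key = resolve_encrypted_key(ET.fromstring(SAMPLE), "ed1")
    print(key.get("Id"), key.findtext(f"{{{DS}}}KeyInfo/{{{DS}}}KeyName"))
```
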