RE: Draft Minutes from 010611 Teleconf (changes) from Blair Dillaway on 2001-06-13 (xml-encryption@w3.org from June 2001)

From: Blair Dillaway <blaird@microsoft.com>
Date: Wed, 13 Jun 2001 08:44:44 -0700
To: <edsimon@xmlsec.com>, <xml-encryption@w3.org>
Message-ID: <AA19CFCE90F52E4B942B27D42349637902CDCD10@red-msg-01.redmond.corp.microsoft.com>

To reiterate my earlier point, this is not an encryption problem.  It's
a serialization problem.  The serialized representation a reciever ends
up with is whatever the sender created.  The fact it isn't the same as
some other serialization the sender had access too may or may not be a
problem.  But the behavior you are describing can occur when
communicating a clear-text serialized representation.  It doesn't matter
whether encryption was involved or not.

So if any discussion of this topic remains in the spec, I believe it
should reflect the implications of XML not having a single defined
serialization format.  But it should not be implied that encryption is
contributing to this problem.
 

-----Original Message-----
From: edsimon@xmlsec.com [mailto:edsimon@xmlsec.com] 
Sent: Tuesday, June 12, 2001 7:22 AM
To: xml-encryption@w3.org
Subject: RE: Draft Minutes from 010611 Teleconf (changes)


Ed wrote
>>We're dropping the discussion of 'reversible transforms' from the spec
so
>>the last item is moot anyway.
then Joseph wrote
>BTW: I still thought a sentence or two was merited, so have a look at 
>the
>
>most recent proposed edits I posted yesterday. 
>http://www.w3.org/Encryption/2001/05/11-proposal.html#sec-CipherReferen
>ce

Transforms must be completely reversible iff an application requires
that the decrypted result be bit-by-bit or character-by-character
exactly what was encrypted.  In pre-XML encryption, it would generally
be considered a problem if the post-decryption bits didn't exactly match
the pre-encryption bits.  However, in the brave new world of XML, some
applications may not care if when
<element   attr1='blah1'  attr2="blah2"    />
gets encrypted but the decrypted result is
<element attr2="blah2" attr1="blah1"  />
or something else.

On the other hand, some applications will want character-by-character
and even bit-by-bit parity between the encrypted version and the
decrypted version.  These applications will have greater constraints on
the types of transforms they can use because of the higher degree of
reversibility required.

I think XML Encryption is flexible enough to support the full ambit of
reversibility requirements.  I'm not arguing (at this point) for any
requirements on the reversibility of transforms; I'm just using this
posting as a way of thinking out loud and soliciting feedback from
others.  Jim and Don have already had some good points and I just want
to make sure there is a good common understanding of this topic.

Regards, Ed

Received on Wednesday, 13 June 2001 12:34:12 UTC