RE: CipherReference + Transforms meaning

Blair,

In Section 4.2 of the latest draft spec [1], the following is described:

"4. If it is an EncryptedData structure and the type is "Element" or
"ElementContent", then place the resulting characters in place of the
EncryptedData element with the encoding of the parent XML document if
necessary. Otherwise, the octet sequence is the final result."

And to my understanding, XML Document, which is identified by the media
type "text/xml", is processed in the same manner as non-XML external data.

[1] http://www.w3.org/Encryption/2001/Drafts/xmlenc-core/

Thanks,
Takeshi IMAMURA
Tokyo Research Laboratory
IBM Research
imamu@jp.ibm.com



From: "Blair Dillaway" <blaird@microsoft.com> on 2001/06/15 12:46 AM

Please respond to "Blair Dillaway" <blaird@microsoft.com>

To:   Takeshi Imamura/Japan/IBM@IBMJP
cc:   <edsimon@xmlsec.com>, <xml-encryption@w3.org>
Subject:  RE: CipherReference + Transforms meaning



I am open to adopting this interpretation.  But I don't find the wording
in draft specs clearly indicate what should happen when the type is
Element, Content, or some non-XML external data.  We should also cover
XML Document since this can't generally be inserted in place of the
EncrytpedData element.



-----Original Message-----
From: Takeshi Imamura [mailto:IMAMU@jp.ibm.com]
Sent: Thursday, June 14, 2001 6:11 AM
To: Blair Dillaway
Cc: edsimon@xmlsec.com; xml-encryption@w3.org
Subject: Re: CipherReference + Transforms meaning




Blair,

I thought the rules are the same, that is, when the type is Element or
Content, the decrypted XML structure replaces the EncryptedData element
whether the CipherData element contains the CipherValue or
CipherReference element, and so our implementation was done accordingly.
I feel it does not make sense to distinguish both ...

Thanks,
Takeshi IMAMURA
Tokyo Research Laboratory
IBM Research
imamu@jp.ibm.com



From: "Blair Dillaway" <blaird@microsoft.com>@w3.org on 2001/06/13 08:21

Please respond to "Blair Dillaway" <blaird@microsoft.com>

Sent by:  xml-encryption-request@w3.org


To:   <edsimon@xmlsec.com>, <xml-encryption@w3.org>
cc:
Subject:  CipherReference + Transforms meaning



Changed the subject to reflect the discussions and trimmed the thread

I don't agree completely.  One of the reasons to use the reference +
transforms version of CipherData is to handle external, and possibly
non-XML, data.  The last sentence below implies it is an XML fragment.
It could just as easily be compressed video (an example you used in the
past).  In this case, the decrypted data would simply be handed to the
application.

This does raise an issue that should be resolved prior to finalizing
wording.  We have always agreed that the decrypted XML replaces the
EncryptedData element in the document when: 1)the CipherValue contains
the encrypted representation; and 2)the type is Element or
Element-Content.  Should the rules be the same when using the
CipherReference + Transforms if the type is given as Element or
Element-Content?  Or does use of the latter representation imply the
decrypted data is always treated as external to the document containing
the EncryptedData element?  Should we standardize on one interpretation
or provide a way to express both?

Comments

Blair

-----Original Message-----
From: edsimon@xmlsec.com [mailto:edsimon@xmlsec.com]
Sent: Tuesday, June 12, 2001 1:11 PM
To: xml-encryption@w3.org
Subject: RE: RE: Draft Minutes from 010611 Teleconf (changes)


In section 3.2.1 of the current draft, would you agree to replacing
everything from "The syntax of the URI and Transforms is similar to ..."
up to (but not including) the schema definition with this text:

--- start ---
Though the syntax of the Transforms is based on that in XML Signature
[XMLDSIG], the purpose for transforms in XML Encryption's
<CipherReference> element is unrelated to their purpose in XML
Signature's <Reference> element.  In XML Signature, transforms are used
to select or exclude data to be secured; in XML Encryption, transforms
are used solely to obtain the cipherdata that will be decrypted into an
XML string and inserted in place of the <EncryptedData> element.
--- end ---

Ed

-- Original Message --

>Ed,
>
>I must respectfully disagree with you on this.  I find this whole
>discussion of transform reversibility to be confusing and largely
>irrelevant and prefer Don's suggested wording.  Specifically, your
>statement
>
>    "Nevertheless, the concept of what you get after decryption
>     not being bit-for-bit or character-for-character the same
>     as what you had before encryption ..."
>
>is wrong in this context.  What you get after decrypting the cipher
>text is precisely bit-for-bit the octet sequence that was encrypted.
>The fact that the encryptor may have obtained the to-be-encrypted octet

>sequence based on some serialization of XML, that may differ from other

>possible serializations, doesn't matter.  All you're really saying is
>that there are multiple ways one may serialize XML and it is generally
>impossible to reverse the process to obtain some earlier serialized
>representation.  There is nothing encryption specific about this issue.
>
>Blair
>
<---------------  snip ------------------>

Received on Friday, 15 June 2001 03:46:34 UTC