DigestMethod and DigestData

The XML Encryption document specifies that DigestMethod and DigestData may be
specified within the CipherData element to provide integrity.
 http://www.w3.org/Encryption/2001/Drafts/xmlenc-core/#sec-CipherData

I assume the same result could be achieved by not including these elements, but
using an XML Signature on the content to be encrypted, and then encrypting both
the content and the signature. This would have the additional cost of
maintaining the keys for signing and implementing XML signatures. It would have
the benefit of providing stronger integrity than a simple hash.

I propose we leave this up to the application rather than defining the digest
elements as part of CipherData.

Alternatively, we can leave the optional DigestMethod and DigestData elements in
the schema but suggest that stronger (source) integrity be obtained with a
signature.

< Frederick

hirsch@zolera.com

Received on Monday, 25 June 2001 13:48:34 UTC