- From: Blair Dillaway <blaird@microsoft.com>
- Date: Thu, 22 Mar 2001 14:16:51 -0800
- To: "Joseph M. Reagle Jr." <reagle@w3.org>, "Ed Simon" <ed.simon@entrust.com>
- Cc: <xml-encryption@w3.org>
The proposal below is acceptable to me.

On attribute encryption, I only suggested the additional paragraph because of the statement ".. and can make the data useless to intermediate processors". There have been multiple discussions where there is an implicit assumption that one can partially encrypt a document, attribute values in particular, while not affecting non-encryption aware recipients. I would like to see us generally warn applications against making this assumption without thorough consideration of how the existing, non-encrypted, documents are being processed by all potential recipients. In any event, deleting my text along with the other 'rationale' is fine.

Blair

-----Original Message-----
From: Joseph M. Reagle Jr. [mailto:reagle@w3.org]
Sent: Thursday, March 22, 2001 1:33 PM
To: Ed Simon; Blair Dillaway
Cc: xml-encryption@w3.org
Subject: RE: Comments on the requirements draft

At 11:35 3/22/2001 -0500, Ed Simon wrote:
>Given that the discussion of attribute encryption has been intense but
>inconclusive, why don't we drop trying to express the rationale one way
>or the other in the requirements document and just keep the solicitation
>for feedback.

I think this is a good idea Ed. The thing that I'm most concerned about is that for the two more complex features of (a) attribute encryption and (b) signature+encryption, when we punt on these as out of scope or an application issue, we give an indication as to whether an application has a sound option. For signature+encryption, we say it's out of scope, but here's two well specified application options (always encrypt signature, or the decrypt-exception transform.) For attribute encryption, we say it's out of scope and we do not yet have any well specified option/recommendation. So, I second your proposal with the following amendment to the comment:

>The Working Group (WG) solicits comment on this requirement from the
>broader community. After much discussion about the requirements,
>complexities, and alternatives of attribute encryption {List: Hallam-Baker,
>Simon, Reagle} the WG has decided to proceed under the requirement of
>element encryption while remaining open to further comment, experimentation
>and specification of attribute encryption proposals or alternatives that
>satisfy the requirement to encrypt sensitive attribute values.

__
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Received on Thursday, 22 March 2001 18:12:35 UTC