- From: David Montgomery <david.montgomery@entrust.com>
- Date: Fri, 23 Mar 2001 10:49:02 -0500
- To: "'XML Encryption List'" <xml-encryption@w3.org>
- Message-ID: <A0E1DEC54ED42F4884DD9EEA00ACE371AFF2EF@sottmxs08.entrust.com>

"prop3" states that "Multiple DataReference elements can occur if multiple
EncryptedData elements exist that are encrypted by the same key".

The use of multiple DataReference elements allows the following flawed
relationship; Alice must encrypt EncryptedData-A and EncryptedData-B with
the same symmetric key, which is encrypted with Bob's public key in
EncryptedKey-Bob. If Eve is a second recipient of EncryptedData-A, she
gains indirect access to EncryptedData-B, which Alice did not intend. (Same
applies to KeyReferences.)

Although a similarly flawed linkage could be created also with
EncryptedKeyReferences or KeyRetrievalMethods instead of DataReferences, the
use of multiple DataReferences invites the application developer to create
it, by requiring re-use of encryption keys.

           +----------------------+
           |     XML Document     |
           |  +------------+      |
DataReference | Encrypted  | DataReference
  +---<----<- | Key-Bob    | --->---->--->---+
  |        |  +------------+      |          |
  |        |  +------------+      |      URI |
  |        |  | Encrypted  | ---<----<----+  |
  |        |  | Key-Eve    |      |       |  |
  |        |  +------------+      |       |  |
  |        |  +----------------+  |       |  |
  |        |  | Encrypted      | -->-->---+  |
  |        |  | Data-A         | -<--<--<--<-+
  |        |  +----------------+  |
  |        |  +----------------+  |
  |        |  | Encrypted      |  |
  +-->--->--->| Data-B         |  |
           |  +----------------+  |
           +----------------------+

Entrust Technologies Inc. We Bring Trust to e-Business
D.S. Montgomery, mailto:david.montgomery@entrust.com
Received on Friday, 23 March 2001 10:55:35 UTC
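
The linkage in the diagram can be checked mechanically by grouping EncryptedData items that share one wrapped key and comparing who can unwrap that key with who was linked to each item. The Python below is an added example, not part of the original message or of any XML Encryption draft; the `Id`, `URI` and `Recipient` attributes, the function name and the sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample mirroring the diagram; attribute names are assumptions.
DOC = """
<Document>
  <EncryptedKey Id="key-bob" Recipient="Bob">
    <DataReference URI="#data-a"/>
    <DataReference URI="#data-b"/>
  </EncryptedKey>
  <EncryptedKey Id="key-eve" Recipient="Eve"/>
  <EncryptedData Id="data-a"><KeyRetrievalMethod URI="#key-eve"/></EncryptedData>
  <EncryptedData Id="data-b"/>
</Document>
"""

def unintended_readers(xml_text):
    """Return {data id: recipients who can read it without being linked to it}."""
    root = ET.fromstring(xml_text)
    recipient = {k.get("Id"): k.get("Recipient") for k in root.iter("EncryptedKey")}
    declared = defaultdict(set)   # data id -> recipients explicitly linked to it
    parent = {d.get("Id"): d.get("Id") for d in root.iter("EncryptedData")}

    def find(x):                  # union-find root: one group per symmetric key
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for key in root.iter("EncryptedKey"):
        refs = [r.get("URI").lstrip("#") for r in key.iter("DataReference")]
        for ref in refs:
            declared[ref].add(recipient[key.get("Id")])
            parent[find(ref)] = find(refs[0])   # same wrapped key => same group
    for data in root.iter("EncryptedData"):
        for krm in data.iter("KeyRetrievalMethod"):
            declared[data.get("Id")].add(recipient[krm.get("URI").lstrip("#")])

    group_readers = defaultdict(set)
    for data_id in parent:
        group_readers[find(data_id)] |= declared[data_id]
    return {d: sorted(group_readers[find(d)] - declared[d])
            for d in parent if group_readers[find(d)] - declared[d]}

if __name__ == "__main__":
    print(unintended_readers(DOC))   # {'data-b': ['Eve']}
```

An empty result means no recipient gains access through a shared key; giving each EncryptedData its own symmetric key, wrapped separately per recipient, produces that result for the sample.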