- From: Blair Dillaway <blaird@microsoft.com>
- Date: Mon, 26 Mar 2001 10:05:50 -0800
- To: "Ed Simon" <ed.simon@entrust.com>, <xml-encryption@w3.org>
I agree the issue applies to encryption in general and is not specific to encryption of attributes. Your proposed text sounds good. Blair -----Original Message----- From: Ed Simon [mailto:ed.simon@entrust.com] Sent: Friday, March 23, 2001 10:22 AM To: xml-encryption@w3.org Subject: RE: Comments on the requirements draft Insomuch as the statement applies equally to the encryption of whole elements or element content, I agree that the designers of applications need to consider what effect introducing node encryption will have on their system. In many cases, one will indeed be able to introduce targeted node encryption with changes only at the designated encrypting and decrypting points. In a non-normative "Application considerations" section of the "XML Encryption Syntax and Processing" document (not the Requirements document), I would agree to a statement like this, where "node encryption" means "whole element encryption, element content encryption, and (if we do it) attribute value encryption": "An advantage of node encryption is that XML systems need only encrypt precisely what needs to be encrypted and for precisely who it is being encrypted. Non-sensitive data can remain in plaintext. This means that when incorporating node encryption into a system, designers need only change those application processes that need access to nodes which have been encrypted. For the system to function properly after node encryption is introduced, it is important that designers ensure that all affected application processes have the necessary decryption capabilities. Note that even if a particular node is not encrypted, designers should consider whether or not its processing might depend on a node that has been encrypted." Is this wording satisfactory? Ed -----Original Message----- From: Blair Dillaway [ mailto:blaird@microsoft.com <mailto:blaird@microsoft.com> ] Sent: Friday, March 23, 2001 11:20 AM To: Ed Simon; xml-encryption@w3.org Subject: RE: Comments on the requirements draft Ed, From your statement below I assume you agree with the last sentence in my posting which you left off: I would like to see us generally warn applications against making this assumption without thorough consideration of how the existing, non-encrypted, documents are being processed by all potential recipients. -----Original Message----- From: Ed Simon [ mailto:ed.simon@entrust.com <mailto:ed.simon@entrust.com> ] Sent: Friday, March 23, 2001 5:28 AM To: xml-encryption@w3.org Subject: RE: Comments on the requirements draft Blair wrote: There have been multiple discussions where there is an implicit assumption that one can partially encrypt a document, attribute values in particular, while not affecting non-encryption aware recipients. I reply: I certainly agree that one cannot assume this behaviour as the default but it does so happen that it does work for some XML protocols such as SMIL (see the recent emails regarding my work with SMIL for details). Though a non-encryption-aware SMIL processor would be able to handle the encrypted SMIL doc, this is because SMIL specifies that if an application does not understand a namespace, it should ignore it. While agreeing we should not assume this behaviour, I think we need to keep in mind that a good number of XML applications will have this behaviour. Ed
Received on Monday, 26 March 2001 13:39:31 UTC