
RE: Comments on the requirements draft

From: Blair Dillaway <blaird@microsoft.com>
Date: Mon, 26 Mar 2001 10:05:50 -0800
Message-ID: <AA19CFCE90F52E4B942B27D4234963790120B1EE@red-msg-01.redmond.corp.microsoft.com>
To: "Ed Simon" <ed.simon@entrust.com>, <xml-encryption@w3.org>

I agree the issue applies to encryption in general and is not specific
to encryption of attributes.
Your proposed text sounds good.

-----Original Message-----
From: Ed Simon [mailto:ed.simon@entrust.com]
Sent: Friday, March 23, 2001 10:22 AM
To: xml-encryption@w3.org
Subject: RE: Comments on the requirements draft

Insomuch as the statement applies equally to the encryption of 
whole elements or element content, I agree that the designers of 
applications need to consider what effect introducing node 
encryption will have on their system.  In many cases, one will 
indeed be able to introduce targeted node encryption with changes 
only at the designated encrypting and decrypting points. 

In a non-normative "Application considerations" section of the 
"XML Encryption Syntax and Processing" document (not the 
Requirements document), I would agree to a statement like this, 
where "node encryption" means "whole element encryption, element 
content encryption, and (if we do it) attribute value encryption": 

"An advantage of node encryption is that XML systems need only 
encrypt precisely what needs to be encrypted and for precisely 
who it is being encrypted. Non-sensitive data can remain in 
plaintext.  This means that when incorporating node encryption 
into a system, designers need only change those application 
processes that need access to nodes which have been 
encrypted.  For the system to function properly after node 
encryption is introduced, it is important that designers ensure 
that all affected application processes have the necessary 
decryption capabilities.  Note that even if a particular node 
is not encrypted, designers should consider whether or not its 
processing might depend on a node that has been encrypted." 

Is this wording satisfactory? 

-----Original Message----- 
From: Blair Dillaway [mailto:blaird@microsoft.com] 
Sent: Friday, March 23, 2001 11:20 AM 
To: Ed Simon; xml-encryption@w3.org 
Subject: RE: Comments on the requirements draft 

From your statement below I assume you agree with the last sentence in 
my posting which you left off: 

    I would like to see us generally warn applications against making 
    this assumption without thorough consideration of how the existing, 
    non-encrypted, documents are being processed by all potential 
    recipients. 

-----Original Message----- 
From: Ed Simon [mailto:ed.simon@entrust.com] 
Sent: Friday, March 23, 2001 5:28 AM 
To: xml-encryption@w3.org 
Subject: RE: Comments on the requirements draft 

Blair wrote: 
There have been multiple discussions where 
there is an implicit assumption that one can partially encrypt a 
document, attribute values in particular, while not affecting 
non-encryption aware recipients. 

I reply: 
I certainly agree that one cannot assume this behaviour as the 
default but it does so happen that it does work for some XML 
protocols such as SMIL (see the recent emails regarding my 
work with SMIL for details).  Though a non-encryption-aware 
SMIL processor would be able to handle the encrypted SMIL 
doc, this is because SMIL specifies that if an application 
does not understand a namespace, it should ignore it.  

While agreeing we should not assume this behaviour, I think we 
need to keep in mind that a good number of XML applications will 
have this behaviour. 

Received on Monday, 26 March 2001 13:39:31 UTC
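
The check the thread asks designers to make, as an added example that is not part of the original messages: given a document before and after node encryption, list the consumers that read a node which is no longer visible and that cannot decrypt it. The order document, the consumer names and their read lists are constructed for illustration, and the namespace URI is an assumption taken from the later XML Encryption Recommendation, not from this thread.

```python
import xml.etree.ElementTree as ET

# Assumption: namespace URI of the later XML Encryption Recommendation.
XENC = "http://www.w3.org/2001/04/xmlenc#"

# Constructed sample: the same order before and after encrypting <card>.
PLAIN = ('<order><item sku="A1"/><card>CONSTRUCTED</card>'
         '<total>40</total></order>')
ENCRYPTED = ('<order xmlns:xenc="%s"><item sku="A1"/>'
             '<xenc:EncryptedData><xenc:CipherData>'
             '<xenc:CipherValue>Q09OU1RSVUNURUQ=</xenc:CipherValue>'
             '</xenc:CipherData></xenc:EncryptedData>'
             '<total>40</total></order>' % XENC)

# Hypothetical consumers: the nodes each one reads, and whether it can decrypt.
CONSUMERS = {
    "shipping": {"reads": ["item"], "can_decrypt": False},
    "billing": {"reads": ["card", "total"], "can_decrypt": True},
    "fraud-check": {"reads": ["card"], "can_decrypt": False},
}

def ignore_foreign(root):
    """Drop every namespaced element, as a processor that skips namespaces
    it does not understand would (the SMIL rule mentioned in the thread).
    The host vocabulary here has no namespace, so namespaced == foreign."""
    for parent in list(root.iter()):
        for child in list(parent):
            if child.tag.startswith("{"):
                parent.remove(child)
    return root

def broken_consumers(plain_xml, encrypted_xml, consumers):
    """Return {consumer: [missing paths]} for consumers that read a node
    present in the plaintext document, absent after node encryption,
    and that have no decryption capability."""
    before = ET.fromstring(plain_xml)
    after = ignore_foreign(ET.fromstring(encrypted_xml))
    report = {}
    for name, spec in consumers.items():
        missing = [p for p in spec["reads"]
                   if before.find(p) is not None and after.find(p) is None]
        if missing and not spec["can_decrypt"]:
            report[name] = missing
    return report

if __name__ == "__main__":
    print(broken_consumers(PLAIN, ENCRYPTED, CONSUMERS))
```

A namespace-ignoring consumer such as the hypothetical "shipping" one keeps working, while "fraud-check" silently loses a node it depends on.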
