- From: Blair Dillaway <blaird@microsoft.com>
- Date: Mon, 26 Mar 2001 10:05:50 -0800
- To: "Ed Simon" <ed.simon@entrust.com>, <xml-encryption@w3.org>
I agree the issue applies to encryption in
general and is not specific to encryption
of attributes.
Your proposed text sounds good.
Blair
-----Original Message-----
From: Ed Simon [mailto:ed.simon@entrust.com]
Sent: Friday, March 23, 2001 10:22 AM
To: xml-encryption@w3.org
Subject: RE: Comments on the requirements draft
Insomuch as the statement applies equally to the encryption of
whole elements or element content, I agree that the designers of
applications need to consider what effect introducing node
encryption will have on their system. In many cases, one will
indeed be able to introduce targeted node encryption with changes
only at the designated encrypting and decrypting points.
In a non-normative "Application considerations" section of the
"XML Encryption Syntax and Processing" document (not the
Requirements document), I would
agree to a statement like this, where "node encryption"
means "whole element encryption, element content encryption,
and (if we do it) attribute value encryption":
"An advantage of node encryption is that XML systems need only
encrypt precisely what needs to be encrypted and for precisely
who it is being encrypted. Non-sensitive data can remain in
plaintext. This means that when incorporating node encryption
into a system, designers need only change those application
processes that need access to nodes which have been
encrypted. For the system to function properly after node
encryption is introduced, it is important that designers ensure
that all affected application processes have the necessary
decryption capabilities. Note that even if a particular node
is not encrypted, designers should consider whether or not its
processing might depend on a node that has been encrypted."
Is this wording satisfactory?
Ed
-----Original Message-----
From: Blair Dillaway [ mailto:blaird@microsoft.com
<mailto:blaird@microsoft.com> ]
Sent: Friday, March 23, 2001 11:20 AM
To: Ed Simon; xml-encryption@w3.org
Subject: RE: Comments on the requirements draft
Ed,
From your statement below I assume you agree with the last sentence in
my posting which you left off:
I would like to see us generally warn applications against making
this assumption
without thorough consideration of how the existing, non-encrypted,
documents are being
processed by all potential recipients.
-----Original Message-----
From: Ed Simon [ mailto:ed.simon@entrust.com
<mailto:ed.simon@entrust.com> ]
Sent: Friday, March 23, 2001 5:28 AM
To: xml-encryption@w3.org
Subject: RE: Comments on the requirements draft
Blair wrote:
There have been multiple discussions where
there is an implicit assumption that one can partially encrypt a
document, attribute values in particular, while not affecting
non-encryption aware recipients.
I reply:
I certainly agree that one cannot assume this behaviour as the
default but it does so happen that it does work for some XML
protocols such as SMIL (see the recent emails regarding my
work with SMIL for details). Though a non-encryption-aware
SMIL processor would be able to handle the encrypted SMIL
doc, this is because SMIL specifies that if an application
does not understand a namespace, it should ignore it.
While agreeing we should not assume this behaviour, I think we
need to keep in mind that a good number of XML applications will
have this behaviour.
Ed
Received on Monday, 26 March 2001 13:39:31 UTC