- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Mon, 14 May 2001 14:41:35 -0400
- To: Amir Herzberg <AMIR@newgenpay.com>
- Cc: "Xml Encrypt (E-mail)" <xml-encryption@w3.org>
At 17:48 5/1/2001 +0300, Amir Herzberg wrote:
>Following our discussion on requirements, I'd like now to request adding
>support to allow signing of encrypted data. This is by allowing the
>following new tag in <EncryptedData>:
>
>   <HashOfRandomized>

Amir, I'm going to try to restate your proposal using an explicit scenario to make sure I understand it before commenting. Does this capture the gist?

Given some Structure:

    <foo>
      <bar1/>
      <bar2/>
      <bar3/>
      <bar4/>
    </foo>

Knowing you want to sign the plaintext version above, as well as *subsequently* encrypt element <bar2> without revealing info about the plaintext, you include <HashOfRandomized/> which is a hash of <bar2> with some random data thrown in for entropy if necessary.

    <foo>
      <bar1/>
      <EncryptedData>
        <HashOfRandomized/>
        ...
      </EncryptedData>
      <bar3/>
      <bar4/>
    </foo>

To sign it:

    <Signature>
      ...
      <Reference URI="#eg1">
        <Transform Algorithm="&enc;#Replace-with-HashOfRandomized">
      ...
      <Object Id="eg1">
        <foo>
          <bar1/>
          <EncryptedData>
            <HashOfRandomized/>
            ...
          </EncryptedData>
          <bar3/>
          <bar4/>
        </foo>
      </Object>
    </Signature>

Consequently, the signature reveals no data about the plain text secured by EncryptedData. Also, it has the other feature that one can change the actual EncryptedData (perhaps its encryption or key) without invalidating the signature.

__
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
Received on Monday, 14 May 2001 14:41:41 UTC
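The scenario restated in the message above, modelled as an added example that is not part of the original message or of any W3C draft. Assumptions: SHA-256 over salt plus plaintext as the HashOfRandomized construction, a 16-byte salt carried inside the ciphertext, a `<CipherValue>` child holding hex ciphertext, string substitution standing in for the Replace-with-HashOfRandomized transform, and a toy XOR cipher standing in for real encryption.

```python
import hashlib, hmac, os, re

def keystream_xor(data: bytes, key: bytes) -> bytes:
    # Toy stand-in cipher (NOT secure): XOR with a SHA-256 counter keystream.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def wrap(commit: str, ct_hex: str) -> str:
    # Assumed element layout; only <HashOfRandomized> comes from the message.
    return (f"<EncryptedData><HashOfRandomized>{commit}</HashOfRandomized>"
            f"<CipherValue>{ct_hex}</CipherValue></EncryptedData>")

ENC = re.compile(r"<EncryptedData><HashOfRandomized>([0-9a-f]{64})</HashOfRandomized>"
                 r"<CipherValue>([0-9a-f]*)</CipherValue></EncryptedData>")

def encrypt_element(plaintext: bytes, key: bytes) -> str:
    salt = os.urandom(16)  # entropy so a low-entropy element cannot be guessed from the hash
    commit = hashlib.sha256(salt + plaintext).hexdigest()
    return wrap(commit, keystream_xor(salt + plaintext, key).hex())

def signed_form(doc: str) -> str:
    # Model of the transform: the signature input keeps only the hash, not the ciphertext.
    return ENC.sub(lambda m: f"<HashOfRandomized>{m.group(1)}</HashOfRandomized>", doc)

def digest(doc: str) -> str:
    # Reference digest that the signature would cover.
    return hashlib.sha256(signed_form(doc).encode()).hexdigest()

def reencrypt(doc: str, old_key: bytes, new_key: bytes) -> str:
    # Change the key of every EncryptedData element; the hash is carried over untouched.
    return ENC.sub(lambda m: wrap(m.group(1), keystream_xor(
        keystream_xor(bytes.fromhex(m.group(2)), old_key), new_key).hex()), doc)

def decrypt_and_check(doc: str, key: bytes) -> bytes:
    # The signature binds only the hash, so the recipient must recompute it after decrypting.
    m = ENC.search(doc)
    if m is None:
        raise ValueError("no EncryptedData element found")
    inner = keystream_xor(bytes.fromhex(m.group(2)), key)
    salt, plaintext = inner[:16], inner[16:]
    if not hmac.compare_digest(hashlib.sha256(salt + plaintext).hexdigest(), m.group(1)):
        raise ValueError("decrypted content does not match signed HashOfRandomized")
    return plaintext
```

Because the ciphertext sits outside the signed bytes, a swapped ciphertext still passes signature validation in this model; only the recomputation in `decrypt_and_check` ties the decrypted element back to what was signed.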