RE: Early Draft Algorithms Section (also: renaming HashOfRandomized)

Hi Amir,

I think the desired integrity properties are obtained if the hash is over the plaintext regardless of whether that hash is then encrypted along with the plain text or left unencrypted.  In this case having the DigestMethod be an orthogonal choice to the EncryptionMethod seems like a good idea.  I'm not sure if the DigestMethod and DigestValue elements should be inside CipherData or at the same level but if they are inside, I'd be inclined to then put the actual ciphertext into an element at the same level as the Digest*.

On the randomization, note that if the hash is over the plaintext with IV, the IV provides some randomness. However, whether you do that or use some other randomness, there is a question of how you add it to the plaintext. This can just be left up to the application but, for application convenience, we could provide an attribute in the XML Encryption namespace that could optionally be used by the application to add, via the attribute's value, randomness, or even one of the dreaded Processing Instructions...

Thanks,
Donald

-----Original Message-----
From: Amir Herzberg [mailto:AMIR@newgenpay.com]
Sent: Tuesday, May 15, 2001 3:15 AM
To: 'Joseph Ashwood'; Donald Eastlake 3rd; xml-encryption@w3.org
Subject: RE: Early Draft Algorithms Section (also: renaming HashOfRandomized)


Joe Ashwood said among many other things, 

> By specifying things in this way (e.g. 3DES with SHA-1) we immediately build
> an exponential increase in the parsing design as more authenticity and
> encryption algorithms are added. It would be much better to specify the two
> separately, resulting in linear growth. The combinations are not very well
> matched, ...

I agree. I think it is better to avoid defining encryption-with-digest.
Define only plain encryption. If people want also integrity they should use
the HashOfRandomized tag (assuming you all agree to it...). 

BTW, I'm all for renaming this tag. I now think my original choice
(HashOfRandomized) is a particularly poor choice. I now propose to replace
it simply by reusing the existing <DigestValue> and <DigestMethod> tags, to
be placed within <CipherText>. 

Best regards, 
Amir Herzberg
CTO, NewGenPay Inc.  

See demo and lectures/overviews/tutorials on crypto-security for mobile,
e-commerce, etc. in http://www.newgenpay.com/mpay/course/course.html

 

Received on Tuesday, 15 May 2001 10:58:01 UTC
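
Added example, not part of either message: a Python sketch of why a DigestValue left unencrypted next to the ciphertext benefits from randomness mixed into the plaintext, and of the recipient's check after decryption. The function names, the 16-byte random prefix, the assumption that the randomness travels only inside the ciphertext, and the sample plaintext are all assumptions made for illustration; the encryption step itself is left out.

```python
import hashlib
import hmac
import os

RAND_LEN = 16  # assumed length of the random prefix; not specified in the thread


def digest_value(plaintext: bytes, randomness: bytes = b"") -> bytes:
    """DigestValue over randomness || plaintext (SHA-1, the digest named in the thread)."""
    return hashlib.sha1(randomness + plaintext).digest()


def confirm_guess(published: bytes, candidates, randomness: bytes = b""):
    """Observer's view of an unencrypted DigestValue: test candidate plaintexts against it."""
    for cand in candidates:
        if hmac.compare_digest(digest_value(cand, randomness), published):
            return cand
    return None


def verify_after_decrypt(decrypted: bytes, published: bytes) -> bytes:
    """Recipient: split the decrypted randomness || plaintext and check the digest."""
    randomness, plaintext = decrypted[:RAND_LEN], decrypted[RAND_LEN:]
    if not hmac.compare_digest(digest_value(plaintext, randomness), published):
        raise ValueError("DigestValue does not match decrypted plaintext")
    return plaintext


if __name__ == "__main__":
    # Constructed sample data: a low-entropy plaintext and an observer's guess list.
    plaintext = b"<Approved>yes</Approved>"
    guesses = [b"<Approved>no</Approved>", b"<Approved>yes</Approved>"]

    bare = digest_value(plaintext)
    print("no randomness, guess confirmed:", confirm_guess(bare, guesses))

    r = os.urandom(RAND_LEN)  # assumed to travel only inside the ciphertext
    randomized = digest_value(plaintext, r)
    print("with randomness, guess confirmed:", confirm_guess(randomized, guesses))
    print("recipient recovers:", verify_after_decrypt(r + plaintext, randomized))
```
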