RE: Comments on the 6 Apr Draft

Glad the example helped clarify the issue. One more
comment below (see [blaird]).

-----Original Message-----
From: Joseph M. Reagle Jr. [mailto:reagle@w3.org]
Sent: Thursday, May 17, 2001 9:31 AM
To: Blair Dillaway
Cc: xml-encryption@w3.org; Philippe Le Hegaret
Subject: RE: Comments on the 6 Apr Draft


At 09:11 5/16/2001 -0700, Blair Dillaway wrote:
>However, an encryptor could take the document
>    <1>
>        <a/>
>        <b/>
>    </1>
>encrypt the children of '1' giving
>    <1>
>         <EncryptedData>
>             <CipherData>somebase64text</CipherData>
>         </EncryptedData>
>    </1>
>and then add in a child element of '1' with tag 'c' to get
>       <1>
>         <EncryptedData>
>             <CipherData>somebase64text</CipherData>
>         </EncryptedData>
>         <c/>
>       </1>

Hrmm... good point. What I was trying to ask was if you had (a,b,c) from the
start, if you wanted to encrypt only (a,b), I assume the instance would look
like:
<1>
   <EncryptedData/>
   <EncryptedData/>
   <c/>
</1>

[blaird] Yes, this is how we agreed it would work in past discussions.
But, to reiterate a point in my post, if we allow the application to
handle the serialization to an octet sequence then I don't see how
we can enforce this behavior. I do believe we need to allow the app
to do the serialization so they can choose to do operations such as
C14N or serialize & compress. A big issue is whether we define a
required serialization method in XML Encryption or always defer this
operation to the using application.

and not as you have it above. But in your scenario the result can happen not
through the encryption, but through subsequent additions. Under that
scenario, the EncryptedData of type childNodes would have to be interpreted
as not the childNode property itself, but a contribution to the childNodes
in case others were added. (And I can see why you want to call it a
NodeList...)



__
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Received on Thursday, 17 May 2001 14:09:39 UTC
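
The two shapes discussed in this message, as an added example that is not part of the original thread or of the XML Encryption draft: an encryptor that emits one EncryptedData per element versus one that serializes the node list (a,b) itself, and a decryptor that treats each EncryptedData as a contribution to childNodes so later siblings survive. Assumptions: `parent` stands in for the thread's `<1>`, which an XML parser will not accept as an element name; base64 stands in for the cipher and provides no confidentiality; all function names are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET

def encrypted_data(octets: bytes) -> ET.Element:
    # Placeholder "cipher": base64 only, NOT encryption (stands in for a real one).
    ed = ET.Element("EncryptedData")
    ET.SubElement(ed, "CipherData").text = base64.b64encode(octets).decode("ascii")
    return ed

def encrypt_children(parent, names, per_element=True):
    """Replace the named children with EncryptedData; the app picks the serialization."""
    targets = [c for c in parent if c.tag in names]
    if per_element:
        # One EncryptedData per encrypted element.
        for c in targets:
            parent[list(parent).index(c)] = encrypted_data(ET.tostring(c))
    elif targets:
        # App serializes the whole node list to one octet sequence.
        pos = list(parent).index(targets[0])
        for c in targets:
            parent.remove(c)
        parent.insert(pos, encrypted_data(b"".join(ET.tostring(c) for c in targets)))

def decrypt_children(parent):
    """Treat each EncryptedData as a contribution to childNodes: splice in place."""
    for ed in [c for c in parent if c.tag == "EncryptedData"]:
        pos = list(parent).index(ed)
        octets = base64.b64decode(ed.findtext("CipherData"))
        # Wrap the fragment so a multi-element node list still parses.
        nodes = list(ET.fromstring(b"<w>" + octets + b"</w>"))
        parent.remove(ed)
        for i, node in enumerate(nodes):
            parent.insert(pos + i, node)

def demo(per_element):
    doc = ET.fromstring("<parent><a/><b/><c/></parent>")  # constructed sample
    encrypt_children(doc, {"a", "b"}, per_element)
    after_encrypt = [c.tag for c in doc]
    ET.SubElement(doc, "d")  # sibling added after encryption
    decrypt_children(doc)
    return after_encrypt, [c.tag for c in doc]

if __name__ == "__main__":
    for mode in (True, False):
        print(mode, *demo(mode))
```

Both encryptor shapes decrypt to the same children here, which is why a processor cannot tell from the plaintext alone which serialization the application chose.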