- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Fri, 18 May 2001 11:48:05 -0400
- To: Amir Herzberg <AMIR@newgenpay.com>
- Cc: "Xml Encrypt (E-mail)" <xml-encryption@w3.org>
At 09:48 5/15/2001 +0300, Amir Herzberg wrote:
>Your note below reflects my meaning very well. One point to add is that the
>signature allows non-repudiation for the plaintext, as well as validation of
>the rest of the signature.

Namely, I was trying to focus on the added features of the proposal, so when you say:

>-- A recipient with the decryption key can validate that the entire message
>(including the encrypted part) was signed

When used with XML Signature? (When you say encrypted part, do you mean the plain or cipher data?)

>-- A recipient without the decryption key can only validate the
>non-encrypted parts of the message.

Well, he can validate the whole document, which is the version with EncryptedData included.

> > To sign it
> >
> > <Signature>
> > ...
> > <Reference URI="#eg1">
> > <Transform Algorithm="&enc;#Replace-with-HashOfRandomized">
> > ...
> > <Object Id="eg1">
> > <foo>
> > <bar1/>
> > <EncryptedData>
> > <HashOfRandomized/>
> > ...
> > </EncryptedData>

There are really two parts of this proposal which I'd like to break apart:

1. Integrity: hashOfRandomized (let's call it DigestMethod and DigestValue in CipherData)
2. Morphing Feature: changing Encryption information without breaking the signature.

The first part, I think, makes sense and is fairly straightforward. The morphing necessitates a transform, but just to start with natural language:

(1. Resolve the Reference URI).
2. Find any EncryptedData children with a HashOfRandomized child.
3. Replace the EncryptedData element with its HashOfRandomized child.

My tentative concerns with this approach:

1. How would this interact with the encrypt-sign transform, any side-effects or does it become unwieldy and complex when you consider both?
2. Performance?
3. It's clear we need a more complete specification.

__
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
Received on Friday, 18 May 2001 11:48:14 UTC
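
An added example, not part of the original message and not taken from any W3C specification: the three transform steps listed in the message, in Python, showing that the reference digest survives re-encryption. Assumed for illustration: no XML namespaces, SHA-256, Python's C14N 2.0 for canonicalization, and constructed placeholder values; how HashOfRandomized is computed is not defined in the message and is treated as an opaque value.

```python
import copy
import hashlib
import xml.etree.ElementTree as ET

def replace_with_hash(doc_root, ref_id):
    """Transform steps 1-3 from the message, applied to a copy of the target."""
    # Step 1: resolve the same-document reference "#<ref_id>" via its Id attribute.
    target = next((e for e in doc_root.iter() if e.get("Id") == ref_id), None)
    if target is None:
        raise ValueError("unresolved reference: #" + ref_id)
    target = copy.deepcopy(target)
    # Steps 2-3: replace each EncryptedData that has a HashOfRandomized child
    # with that child. EncryptedData without one is left in place.
    for parent in list(target.iter()):
        for i, child in enumerate(list(parent)):
            if child.tag != "EncryptedData":
                continue
            digest_elem = child.find("HashOfRandomized")
            if digest_elem is not None:
                digest_elem.tail = child.tail
                parent[i] = digest_elem
    return target

def transformed_c14n(xml_text, ref_id):
    """Canonical text of the transformed reference (assumption: C14N 2.0)."""
    node = replace_with_hash(ET.fromstring(xml_text), ref_id)
    return ET.canonicalize(ET.tostring(node, encoding="unicode"))

def reference_digest(xml_text, ref_id):
    """Digest a signer would place in the Reference (assumption: SHA-256)."""
    return hashlib.sha256(transformed_c14n(xml_text, ref_id).encode("utf-8")).hexdigest()

# Constructed sample: element names from the message, values are placeholders.
HASH_ELEM = "<HashOfRandomized>cGxhY2Vob2xkZXI=</HashOfRandomized>"

def make_doc(cipher_value, hash_elem=HASH_ELEM):
    return ('<Signature><Object Id="eg1"><foo><bar1/><EncryptedData>' + hash_elem
            + "<CipherData>" + cipher_value + "</CipherData>"
            + "</EncryptedData></foo></Object></Signature>")

if __name__ == "__main__":
    print(transformed_c14n(make_doc("AAAA"), "eg1"))
    # Re-encrypting (new cipher data, same HashOfRandomized) keeps the digest.
    print(reference_digest(make_doc("AAAA"), "eg1") == reference_digest(make_doc("BBBB"), "eg1"))
```

Because the digest no longer covers the cipher data, a verifier holding the decryption key still has to recompute HashOfRandomized from the decrypted content before trusting it.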