Re: CipherData rationale

Frederick,

>Is the rationale that the first form makes for easier processing since the types
>are clearly distinguished via elements at the expense of slightly more verbose
>XML? I gather the first form is also more extensible.

I believe so.

By the way, in your example, you specify C14N as a transform, but C14N is
not reversible and cannot be specified.  And I'd like to make sure that
transforms specified in a transform sequence are those applied before
decrypting.  For example, if I performed reversible compression and
encoding on cryptobinary in this order, is it correct to build the
following structure:

<CipherReference URI="some-URI">
  <ds:Transforms>
    <ds:Transform Algorithm="decode"/>
    <ds:Transform Algorithm="decompress"/>
  </ds:Transforms>
</CipherReference>

Thanks,
Takeshi IMAMURA
Tokyo Research Laboratory
IBM Research
imamu@jp.ibm.com



From: "Frederick J. Hirsch" <hirsch@zolera.com>@w3.org on 2001/05/30 03:36 AM

Please respond to "Frederick J. Hirsch" <hirsch@zolera.com>

Sent by:  xml-encryption-request@w3.org


To:   <xml-encryption@w3.org>
cc:
Subject:  CipherData rationale



I think it would be useful to clarify the XML encryption spec with an
example of the different forms of CipherData. The definition of the
CipherData element is clearly articulated using XML schema, but XML Schema
might not be clear to everyone who will read the document.

Am I correct that CipherData would appear as one of the following:

<CipherData>
  <CipherValue>cryptobinary</CipherValue>
</CipherData>

or (with zero or more optional transforms)

<CipherData>
 <CipherReference URI="http://www.somewhere.com/cipherdata">
   <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
 </CipherReference>
</CipherData>

An alternative might be CipherData which takes an optional URI attribute,
and optional transform elements as well as the cryptobinary:

<CipherData>cryptobinary</CipherData>
or
<CipherData URI="http://www.somerwhere.com/cipherdata">
<ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</CipherData>

This requires a statement which is more awkward in schema: "require URI for
cipherdata OR place cipherdata as cryptobinary within CipherData element"

Is the rationale that the first form makes for easier processing since the
types are clearly distinguished via elements at the expense of slightly more
verbose XML? I gather the first form is also more extensible.

Received on Wednesday, 30 May 2001 03:19:16 UTC
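
An added example, not part of the original messages or of the specification: a recipient-side sketch that handles both CipherData forms discussed above and applies the CipherReference transforms in document order, so a sender who compressed and then encoded lists decode before decompress. It assumes the placeholder identifiers "decode" and "decompress" mean base64 and zlib, that CipherValue carries base64, and that URIs resolve through a local lookup (`STORE`, hypothetical) rather than a network fetch.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Assumed meaning of the placeholder identifiers used in the thread.
TRANSFORMS = {"decode": base64.b64decode, "decompress": zlib.decompress}

def cipher_octets(cipher_data_xml, fetch):
    """Return the octets to hand to decryption, for either CipherData form."""
    root = ET.fromstring(cipher_data_xml)
    if root.tag != "CipherData" or len(root) != 1:
        raise ValueError("expected CipherData with exactly one child")
    child = root[0]
    if child.tag == "CipherValue":
        return base64.b64decode(child.text.strip())
    if child.tag != "CipherReference":
        raise ValueError("unexpected child: " + child.tag)
    data = fetch(child.get("URI"))
    # Document order is the order the recipient applies the transforms.
    for t in child.iterfind(DS + "Transforms/" + DS + "Transform"):
        alg = t.get("Algorithm")
        if alg not in TRANSFORMS:  # e.g. C14N, which is not octet-reversible
            raise ValueError("unsupported transform: " + str(alg))
        data = TRANSFORMS[alg](data)
    return data

# Constructed sample: the sender compressed, then encoded, the cipher octets.
CIPHER = bytes(range(16)) * 4  # stand-in for real ciphertext
STORE = {"some-URI": base64.b64encode(zlib.compress(CIPHER))}

REFERENCE_FORM = """<CipherData xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <CipherReference URI="some-URI">
    <ds:Transforms>
      <ds:Transform Algorithm="decode"/>
      <ds:Transform Algorithm="decompress"/>
    </ds:Transforms>
  </CipherReference>
</CipherData>"""

VALUE_FORM = "<CipherData><CipherValue>%s</CipherValue></CipherData>" % (
    base64.b64encode(CIPHER).decode())

if __name__ == "__main__":
    print(cipher_octets(REFERENCE_FORM, STORE.__getitem__) == CIPHER)
    print(cipher_octets(VALUE_FORM, STORE.__getitem__) == CIPHER)
```

Listing the two transforms in the sender's order instead makes the zlib step fail on base64 text, and an unlisted algorithm such as the C14N URI is rejected before any data is processed further.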