Re: Minor comments on the spec from Joseph Reagle on 2001-11-16 (xml-encryption@w3.org from November 2001)

From: Joseph Reagle <reagle@w3.org>
Date: Fri, 16 Nov 2001 16:56:43 -0500
To: "Takeshi Imamura" <IMAMU@jp.ibm.com>
Cc: Eastlake <dee3@torque.pothole.com>, xenc <xml-encryption@w3.org>
Message-Id: <20011116215644.12E9812FD@policy.w3.org>

On Monday 12 November 2001 02:43, Takeshi Imamura wrote:
> >> >EncryptedKey, I forgot to move its text when I did that, but I fixed
> >> > that in the last edit.
> >>
> >> Is the Type attribute also needed for the EncryptedKey element?  I
> >> could not find such a description in the spec.
> >
> >Yes, if the decrypted CipherData was a ds:KeyValue for instance, you
> > would want to process it according to 4.2.4, right?
>
> Do you mean that you encrypt a ds:KeyValue element into an EncryptedKey
> element with the Type Element?  To my understanding, it is not allowed.

Are you saything the following example with [000] inserted needs to be 
prevented?

  [t09] <EncryptedKey Id='EK' CarriedKeyName="John Doe"
  [t10]  xmlns='http://www.w3.org/2001/04/xmlenc#'
  [000]  Type='http://www.w3.org/2001/04/xmlenc#Element'>
  [t11]   <EncryptionMethod 
           Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
  [t12]   <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
  [t13]     <ds:KeyName>John Smith</ds:KeyName>
  [t14]   </ds:KeyInfo>
  [t15]   <CipherData><CipherValue>xyzabc</CipherValue></CipherData>
  [t19] </EncryptedKey>

[000] Is saying that when you decrypted the CipherValue, you can expect to 
find an XML element, perhaps a <ds:KeyValue>3ab3333</ds:KeyValue>

> >> So should the implementation give a warning when a user is encrypting
> >> a key with a nonce value and/or decrypting a key encrypted with a
> >> nonce value?
> >
> >Why would a warning be necessary? (Warn of what?) I really don't see the
> >processing (from an XML decryption point of view) of EncryptedData or
> >EncryptedKey as very different. There both processed to get you the
> >plain-data, the only different is that one has a little more "meta-data"
> >about the EncryptedKey's plain-data, it's a key.
>
> A nonce cannot be used for encrypting a key, right?  

Yes.

> So I just thought
> that, if a user was trying to use a nonce for encrypting a key, it would
> be helpful to warn the user of the illegal use of nonce.  Our
> implementation just ignores such a nonce, though.

I fear I'm still not understanding the "illegal" use of nonce. Perhaps 
specific text proposal to the text would help me understand.

> >> >> 3.5
> >> >> Because the URI attribute is optional, the behavior should be noted
> >> >> when the attribute is omitted.
> >> >> Transform and XPath elements in the example have to be prefixed
> >> >> with "ds:".
> >> >
> >> >Do we have any reason why it should be optional? If so, we should
> >> > defer to application context, if not, we should make it mandatory.
> >>
> >> I don't see any reason.
> >
> >Ok, ReferenceType URI is now optional.
>
> I'm sorry for confusing you.  I meant that the URI attribute would be
> mandatory.

Oops, my mistake, it's now required [new revision: 1.72] and I added a URI 
to the example of section 3.5 .



-- 

Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Received on Friday, 16 November 2001 16:56:55 UTC