- From: Takeshi Imamura <IMAMU@jp.ibm.com>
- Date: Fri, 12 Oct 2001 19:47:37 +0900
- To: xml-encryption@w3.org
Hi,

I have some minor comments on [1]. Hope these help.

3.1
The Type attribute is still in the schema. The attribute should be moved to the schema of the EncryptedData element. There is no explanation for the EncryptionProperties element. "ElementContent" would be "Content".

3.2
I believe that a nonce value specified using the Nonce attribute is used only when encrypting data (not key). Is that correct? If so, that should be explained explicitly.

3.2.1
Transform elements and an XPath element in the example have to be prefixed with "ds:".

3.4
The EncryptedKey element can specify elements not only via the DataReference element but the KeyReference element. I don't understand how the KeyValue element is used. Is the element used for containing a key that is not protected?

3.4.1
The identifier of the EncryptedKey element would be "http://.../xmlenc#EncryptedKey".

3.5
Because the URI attribute is optional, the behavior should be noted when the attribute is omitted. Transform and XPath elements in the example have to be prefixed with "ds:".

3.6
"RetrievalMethod" would be "Reference". The EncryptionProperties element can contain information items not only on the EncryptedData element but the EncryptedKey element.

5
In Section 5, a term "encryption application" is used for an implementation of the spec. It is very confusing and should be changed to "implementation" or something.

5.2
No padding algorithm is specified. I suppose the PKCS5 padding, but is that correct?

5.4
The key type is given not only by the EncryptionMethod element of the EncryptedKey element but that of the EncryptedData element. The 2nd paragraph is confusing. It would be as follows:

"Key Transport algorithms may optionally be used to encrypt data in which case their identifiers appear as Algorithm attributes to EncryptionMethod elements that are children of EncryptedData. Because they use public key algorithms, Key Transport algorithms are not efficient for the transport of any amounts of data significantly larger than *a*symmetric keys."

5.4.1
"CipherData" in the example would be "CipherValue".

5.4.2
The DigestMethod element in the example has to be prefixed with "ds:".

5.6.2
"168" in the step 1 of the wrapping algorithm would be "192".

5.7
I think that it has been decided that the message digest algorithm is not used in the CipherData element.

[1] http://www.w3.org/Encryption/2001/Drafts/xmlenc-core/

Thanks,
Takeshi IMAMURA
Tokyo Research Laboratory
IBM Research
imamu@jp.ibm.com
Received on Friday, 12 October 2001 06:48:00 UTC