Question about EncryptedType

Hello All,

I have some questions regarding the Last Call WD for XML Encryption,


Question #1:

Here is the schema definition for <EncryptedType> from
http://www.w3.org/Encryption/2001/Drafts/xmlenc-core/

  "<complexType name='EncryptedType' abstract='true'>
    <sequence>
      <element name='EncryptionMethod' type='xenc:EncryptionMethodType'
               minOccurs='0'/>
      <element ref='ds:KeyInfo' minOccurs='0'/>
      <element ref='xenc:CipherData'/>
      <element ref='xenc:EncryptionProperties'/>
    </sequence>
    <attribute name='Id' type='ID' use='optional'/>
    <attribute name='Type' type='anyURI' use='optional'/>
   </complexType>"


I have noticed that the <EncryptionProperties> element isn't marked with
"minOccurs='0'", implying that it is required. Is this a mistake in the
schema definition? The <EncryptionProperties> element should be optional,
correct?


Question #2:

This is a question regarding serialization.

There seems to be a conflict with this verbiage (perhaps it is my twisted
view).

Consider Section 4.1:

"If the data is an [XML] Element or [XML] Element Content, obtain the
octets by serializing the data in UTF-8 as specified in [XML]."


Then, consider Section 5.9:

"Canonical XML [Canon] is the recommended method of consistently serializing
XML into an octet stream."


These are obviously very different. I read the first as "convert the XML
into UTF-8" and the second is obviously the application of Canonical XML.
Which one should be used? And further, when would Canonical XML really be
required during Encryption or Decryption?

Thanks,


Blake Dournaee
Toolkit Applications Engineer
RSA Security

"The only thing I know is that I know nothing" - Socrates

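An added example, not part of the message or of the W3C draft: it shows why the two quoted sentences are not interchangeable. Two constructed documents with the same infoset (they differ only in attribute order, empty-element syntax and whitespace inside a start tag) yield different octets under plain UTF-8 serialization but identical octets after canonicalization, so a digest or ciphertext computed over those octets agrees between two parties only if both apply the same rule. It uses Python's xml.etree.ElementTree.canonicalize(), which implements C14N 2.0 rather than the Canonical XML 1.0 the draft cites as [Canon]; the normalizations exercised here are common to both.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample data: two documents with the same XML infoset that an
# author could have typed differently (attribute order, empty-element
# syntax, whitespace inside a start tag). Neither comes from the draft.
DOC_A = '<Payment z="1" a="2"><Note/><Amount>10</Amount></Payment>'
DOC_B = '<Payment  a="2"  z="1"><Note></Note><Amount>10</Amount></Payment>'


def utf8_octets(xml_text: str) -> bytes:
    """Section 4.1 reading: the element's textual form, encoded as UTF-8."""
    return xml_text.encode("utf-8")


def c14n_octets(xml_text: str) -> bytes:
    """Section 5.9 reading: canonicalize first, then encode as UTF-8.

    xml.etree implements C14N 2.0, not Canonical XML 1.0 ([Canon]); the
    rules exercised here (sorted attributes, start/end tag pairs for empty
    elements, normalized start-tag whitespace) exist in both versions.
    """
    return ET.canonicalize(xml_data=xml_text).encode("utf-8")


def sha256_hex(octets: bytes) -> str:
    """Digest over the octet stream, as a signature or integrity check sees it."""
    return hashlib.sha256(octets).hexdigest()


if __name__ == "__main__":
    for label, doc in (("A", DOC_A), ("B", DOC_B)):
        print(f"doc {label} utf8: {utf8_octets(doc)!r}")
        print(f"doc {label} c14n: {c14n_octets(doc)!r}")
        print(f"doc {label} sha256(utf8)={sha256_hex(utf8_octets(doc))[:16]}..."
              f" sha256(c14n)={sha256_hex(c14n_octets(doc))[:16]}...")
```

Decryption alone needs only a parser for whichever octets were encrypted; the serializer choice matters as soon as something else (a digest, a signature, a second implementation) must reproduce the same octets.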


-----Original Message-----
From: Dournaee, Blake 
Sent: Thursday, October 18, 2001 1:28 PM
To: xml-encryption@w3.org
Subject: Password Based Encryption for RSA Keys


Hi All,

It seems to me that XML Encryption does not have a facility to encrypt
RSA/DSA private keys using password-based encryption, e.g. there is no
replacement for what is currently a PKCS#8 "EncryptedPrivateKeyInfo"
structure (to use the ASN.1 terminology).

Currently, there is no XML representation of such an encrypted construct,
which is very odd because this form of encrypted data is especially
"user-friendly" because it is unlocked with a password.

Any ideas on this? Or perhaps it was decided against for some good reason?

Blake Dournaee
Toolkit Applications Engineer
RSA Security

"The only thing I know is that I know nothing" - Socrates


Received on Thursday, 18 October 2001 18:18:49 UTC