RE: octet-based processing model

Comments in-line

> -----Original Message-----
> From: Joseph Reagle [mailto:reagle@w3.org] 
> Sent: Friday, August 31, 2001 1:16 PM
> To: Blair Dillaway; merlin
> Cc: xml-encryption@w3.org
> Subject: Re: octet-based processing model
> 
> 
> On Monday 27 August 2001 17:54, Blair Dillaway wrote:
> > I clearly misunderstood your concern (which is a good 
> thing).  There 
> > was a discussion of the basic issue you raise on-going at 
> the time you 
> > sent your initial mail.  See:
> 
> So I'm not sure of the resolution of this thread. I've taken 
> a stab at 
> <del>UTF-encoded</del> in a few places in the Encryption 
> section (4.1.5) that 
> I think isn't required. Merlin, do you think any other diffs 
> are necessary? I 
> haven't removed it from Decryption (4.2.4).
> 
> Blair, with respect to the mandatoriness of 
> replace-and-encrypt, is your view 
> that it should be RECOMMENDED with respect to 
> *implementation*? I thought we 
> agreed mandatory to implement would be a good thing since it 
> will likely be a 
> common operation and users of xenc implementations can have uniform 
> expectations about its presence.

I'd prefer it be recommended.  My reasons are consistent with those
expressed earlier by Merlin.  I'm concerned the encrypt-and-replace and
decrypt-and-replace may be difficult to implement if one is using
certain underlying XML tools such as streams-based parsers.  Such
implementations may be important to certain customers.  For example,
ones who need to optimize for performance.  I'd rather we didn't
preclude such implementations from being compliant with the spec.

My view on this is also influenced by our recognition that XML Enc.
should not specify a serialization algorithm but rather defer this to
the app.  Given the app needs to handle XML serialization and provide
refs to the elements to be replaced, the perceived value of the
automated functions may not be large. 


> 
> Also, a question.
> 
> In 4.2.2, what is meant by KeyInfo containing "key 
> attributes." Do we mean 
> children of KeyInfo?
> 
> 
Yes, valid children of KeyInfo is what I meant by "key attributes".  We
should probably change the text to state this.

Received on Tuesday, 4 September 2001 13:13:05 UTC