- From: Joseph Reagle <reagle@w3.org>
- Date: Mon, 1 Apr 2002 17:13:13 -0500
- To: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>, aleksey@aleksey.com, xml-encryption@w3.org
On Monday 01 April 2002 16:37, Christian Geuer-Pollmann wrote: > For digital signatures (non-repudiation), the signed want's to state that > he made a statement and he want that the binding between his identity > (Certificate) and the signed contents is non-ambiguous. So it wouldn't > make sense to omit the ds:SignatureMethod because that would let space > for discussions (which algorithm was used). Right. > For encryption (confidentiality), there are people who like "security by > obscurity" as an additional point in their encryption system. So making > the xenc:EncryptionMethod REQUIRED would force people to expose > information which they probably do not want to disclose. I've yet to hear its optionality should be permitted for obfuscation purposes, rather it might be known in an application context and need not be repeated.
Received on Monday, 1 April 2002 17:13:17 UTC