Re: xenc:EncryptedKey/@Type

On Wednesday, 2 January 2002 15:17 -0500 Joseph Reagle <reagle@w3.org> wrote:
> On Wednesday 02 January 2002 11:15, Christian Geuer-Pollmann wrote:
>> what does the xenc:EncryptedKey/@Type attribute tell me? (@Type exists in
>> the schema for EncryptedType).
>>
>> All our examples use a xenc:EncryptedData/@Type which makes sense to me.
>> But the Type of an EncryptedKey should be indicated by an Algorithm
>> attribute of the EncryptionMethod of the EncryptedData Element.
>
> If it's Element or Content, it tells you it's one of those structures.
> Otherwise the data is handed to the application with the Type/Value as
> advisory -- if provided. However, your question invites a question raised
> earlier as to whether the plaintext carried by an EncryptedKey is always
> the literal key value. I do think we need to provide some guidance
> regardless, but is anyone arguing against the possibility of a
> <PGPData><PGPKeyPacket>...</PGPKeyPacket></PGPData> as the
> plaintext data carried by EncryptedKey?

Hm, this would mean that some assumptions are possibly no longer valid: it 
was decided that the Nonce attribute is not available for xenc:EncryptedKey 
because we encrypt high-entropy things like raw cryptographic keys. 
Question: if we encrypt XML text which contains high-entropy data, do we 
need a xenc:EncryptedKey/@Nonce attribute?

Additionally, the algorithms section will become much more complicated: 
block encryption algorithms like tripledes-cbc or aesXXX-cbc would have to 
be used to encrypt keys -- or should we use wrap algorithms like 
kw-tripledes and kw-aesXXX to wrap XML-encoded keys?

And - if we go to the very end - a PGPKey is nothing other than an RSA, DH, 
IDEA or TwoFish key, which all have a binary representation. AND - if we 
look at the XML Signature implementations - until now, nobody has implemented 
the PGP things...



Christian

Received on Wednesday, 2 January 2002 15:53:43 UTC
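An added example, not part of the thread above and not the code of any implementation it mentions: the AES key wrap that the xenc kw-aes128/192/256 identifiers refer to (RFC 3394), written in Go from the RFC's description. It makes the two properties behind the questions in this message concrete. The wrap takes no IV or nonce, so the same key material wrapped under the same KEK gives byte-identical output every time; and it accepts only whole 64-bit blocks (at least two of them), so arbitrary-length XML text such as a PGPData element does not fit unless the spec defines a padding rule. In return it carries an integrity check (the fixed A6A6... value) that plain CBC does not. The KEK and key bytes are the published RFC 3394 section 4.1 test vector; the XML snippet is constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// rfc3394IV is the fixed 64-bit integrity check value of RFC 3394, section 2.2.3.1.
var rfc3394IV = []byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6}

// Wrap is RFC 3394 AES Key Wrap (section 2.2.1). kek is the key-encryption key
// (16, 24 or 32 bytes), plaintext the key material to wrap. There is no IV or
// nonce input: the same (kek, plaintext) pair always yields the same output.
func Wrap(kek, plaintext []byte) ([]byte, error) {
	if len(plaintext) < 16 || len(plaintext)%8 != 0 {
		return nil, errors.New("key wrap: plaintext must be a multiple of 8 bytes and at least 16 bytes")
	}
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	n := len(plaintext) / 8
	a := append([]byte(nil), rfc3394IV...) // A = IV
	r := append([]byte(nil), plaintext...) // R[1..n], stored contiguously
	var b [16]byte
	for j := 0; j < 6; j++ {
		for i := 0; i < n; i++ {
			copy(b[:8], a)
			copy(b[8:], r[i*8:i*8+8])
			block.Encrypt(b[:], b[:]) // B = AES(K, A | R[i])
			var tb [8]byte
			binary.BigEndian.PutUint64(tb[:], uint64(n*j+i+1)) // t = n*j + i (1-based i)
			for k := range a {
				a[k] = b[k] ^ tb[k] // A = MSB(64, B) ^ t
			}
			copy(r[i*8:i*8+8], b[8:]) // R[i] = LSB(64, B)
		}
	}
	return append(a, r...), nil
}

// Unwrap is RFC 3394 AES Key Unwrap (section 2.2.2). It fails when the KEK is
// wrong or the ciphertext was modified, because the recovered A must equal the IV.
func Unwrap(kek, ciphertext []byte) ([]byte, error) {
	if len(ciphertext) < 24 || len(ciphertext)%8 != 0 {
		return nil, errors.New("key unwrap: ciphertext must be a multiple of 8 bytes and at least 24 bytes")
	}
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	n := len(ciphertext)/8 - 1
	a := append([]byte(nil), ciphertext[:8]...)
	r := append([]byte(nil), ciphertext[8:]...)
	var b [16]byte
	for j := 5; j >= 0; j-- {
		for i := n - 1; i >= 0; i-- {
			var tb [8]byte
			binary.BigEndian.PutUint64(tb[:], uint64(n*j+i+1))
			for k := range a {
				b[k] = a[k] ^ tb[k] // (A ^ t) | R[i]
			}
			copy(b[8:], r[i*8:i*8+8])
			block.Decrypt(b[:], b[:])
			copy(a, b[:8])
			copy(r[i*8:i*8+8], b[8:])
		}
	}
	if !bytes.Equal(a, rfc3394IV) {
		return nil, errors.New("key unwrap: integrity check failed (wrong KEK or modified ciphertext)")
	}
	return r, nil
}

func main() {
	// RFC 3394 section 4.1 test vector: 128-bit key data under a 128-bit KEK.
	kek, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F")
	key, _ := hex.DecodeString("00112233445566778899AABBCCDDEEFF")
	wrapped, _ := Wrap(kek, key)
	fmt.Printf("kw-aes128 of raw key: %X\n", wrapped)

	// Constructed XML-encoded key material: 14 bytes, not a whole number of
	// 64-bit blocks. The wrap has no padding rule, so it is rejected outright.
	if _, err := Wrap(kek, []byte("<ds:KeyValue/>")); err != nil {
		fmt.Println("XML text:", err)
	}
}
```

Running it prints the wrapped key from the RFC vector and the rejection of the XML snippet; wrapping the same raw key twice gives the same bytes, which is exactly what the missing Nonce on EncryptedKey relies on being harmless for high-entropy input.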