- From: Joseph Reagle <reagle@w3.org>
- Date: Wed, 2 Jan 2002 16:59:59 -0500
- To: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>, xml-encryption@w3.org
I'm not opposed to the plaintext of EncryptedKey being some literal key corresponding to the EncryptionMethod algorithm. But my concerns on that front are:

o Loss of generality.
o Are we sure that there is a correspondence between EM Algorithms and key structures? I don't believe so. In those instances where this is the case, I'd recommend repeating the algorithm URI in the EncryptedKey Type, *or* stating that absent the EncryptedKey Type, the algorithm method is sufficient to also give the format.

And the spec already says:

o "2.2.2 EncryptedKey (ReferenceList, ds:RetrievalMethod, CarriedKeyName) [t15] ... (Note, an EncryptedKey's EncryptionMethod is the algorithm used to encrypt these octets and does not speak about what type of octets they are.)"
o "4.1.2.2 ... The result may then be a child of ds:KeyInfo"

On Wednesday 02 January 2002 16:06, Christian Geuer-Pollmann wrote:
> Hm, this would mean that some assumptions are possibly no longer valid: It
> was decided that the Nonce attribute is not available for
> xenc:EncryptedKey because we encrypt high-entropy things like raw
> cryptographic keys. Question: If we encrypt XML text which contains
> high-entropy data, do we need a xenc:EncryptedKey/@Nonce attribute?
>
> Additionally, the algorithms section will become much more complicated:
> Block Encryption algorithms like tripledes-cbc, aesXXX-cbc, would have to
> be used to encrypt keys -- or should we use wrap algorithms like
> kw-tripledes and kw-aesXXX to wrap XML-encoded keys?
>
> And - if we go to the very end - a PGPKey is nothing else than an RSA,
> DH, IDEA or TwoFish key which all have a binary representation. AND - if
> we look in the XML Signature implementations - until now, nobody
> implemented the PGP things...
>
> Christian

--
Joseph Reagle Jr. http://www.w3.org/People/Reagle/
W3C Policy Analyst mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair http://www.w3.org/Signature/
W3C XML Encryption Chair http://www.w3.org/Encryption/2001/

Received on Wednesday, 2 January 2002 17:00:01 UTC