Comments for Decryption Transform

Hello,

Belated congratulations on your Decryption Transform Candidate
Recommendation [1]. Here are just a few comments.

A spell checker found:
s/receipient/recipient/
s/rewriten/rewritten/
s/concatentation/concatenation/
s/Acknlowledgements/Acknowledgments/

Also:
s/whitespace/white space/
s/Working Group members/Working Group participants/
s/Well-Formed Data/Well-Formed Data/
- Use either a or e for all occurrences of descendant.
- In 3.1 there is a stray > in the second function.

I tried to find ways to make the functions straightforward.

Is it necessary to spell out and link to the Reference Processing Model
twice in function one? Could you just declare B like this instead?

    <em>B</em> is an octet stream as described in <em><a
    href="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/#sec-ReferenceProcessingModel">The
    Reference Processing Model</a></em> [<a
    href="#XML-Signature">XML-Signature</a> section 4.3.3.2].

If that won't work, can you make both occurrences identical like this?

    as described in The Reference Processing Model [XML-Signature section
    4.3.3.2]

In 3.1 function one, well-formed (see section 4.3.1) links to 3.4.1.
Also, augmented (see section 4.3.2) links to 3.4.2.

In 3.1 function one, can the two list items inside the first item in 2
be at the same level as "B may not be in canonical form."? In other
words, can you eliminate a level?

Why does 3.1 link namespace to [XML]? I'd guess Namespaces in XML instead
(that would be a new Reference).

In 3.1 function two, are &amp;xenc;Element and &amp;xenc;Content markup
artifacts? If they aren't, they could be marked up <code>.

In 3.1 function two, can the example, list item 3-1-1, be moved outside
the list?

Below are three short sections that might be simplified.

This sentence is dense and long.

    The REQUIRED URI attribute value of the dcrpt:Except element MUST be
    a non-empty same-document URI reference [URI] (i.e., a number sign
    ('#') character followed by an XPointer expression [XPointer] (as
    profiled by The Reference Processing Model (section 4.3.3.2) of the
    XML Signature specification [XML-Signature])) and identify
    xenc:EncryptedData elements within the input to the transform.

It could be three sentences, something like:

    The REQUIRED URI attribute value of the dcrpt:Except element MUST be
    a non-empty same-document URI reference [URI], i.e., a number sign
    ('#') character followed by an XPointer expression [XPointer]. The
    value MUST identify xenc:EncryptedData elements within the input to the
    transform. [Whatever is profiled] is profiled by The Reference Processing
    Model (section 4.3.3.2) of the XML Signature specification
    [XML-Signature].

This sentence is long:

    To correct this problem, the canonicalization-with-replacement step
    of the decryptXML() function augments its internal use of [XML-C14N]
    such that node-sets that are replacing elements whose parent node is
    not part of the original signed node-set, (which in most cases means
    that a directly-signed element was encrypted, as shown), are
    canonicalized with attributes from the XML namespace that would have
    been inherited by the unencrypted element in its original document.

becomes:

    To correct this problem, the canonicalization-with-replacement step
    of the decryptXML() function augments its internal use of [XML-C14N].
    Node-sets that are replacing elements whose parent node is not part of
    the original signed node-set are canonicalized with attributes from
    the XML namespace that would have been inherited by the unencrypted
    element in its original document. Not part of the original signed
    node-set in most cases means a directly-signed element was encrypted,
    as shown.

Can you break this in two, with a period in place of the colon?

    While this change is made to maintain the validity of signatures
    using [XML-C14N], it does not interfere with the validity of
    signatures using [XML-exc-C14N]: this transform, and the inclusion
    of attributes from the XML namespace (i.e., xml:*), is performed
    during signature validation and generation.

Finally, in References, the URIs should not be links.
http://www.w3.org/2001/06/manual/#ref-REF-TITLES

[1] http://www.w3.org/TR/2002/CR-xmlenc-decrypt-20020802

Best wishes for your project,
--
Susan Lesch           http://www.w3.org/People/Lesch/
mailto:lesch@w3.org               tel:+1.858.483.4819
World Wide Web Consortium (W3C)    http://www.w3.org/

Received on Tuesday, 17 September 2002 08:51:05 UTC