
Encryption and ERS



Hi

I am working on the next version of XMLERS and, by studying the last ERS
spec (RFC actually), I stumbled over the encryption part:

"When a relying party uses an evidence record to prove the
      existence of encrypted data objects, it may be desirable for
      clients to only store the unencrypted data objects and to delete
      the encrypted copy.  In order to use the evidence record, it must
      then be possible to unambiguously re-encrypt the unencrypted data
      to get exactly the data that was originally archived.  Therefore,
      additional data necessary to re-encrypt data objects should be
      inserted into the evidence record by the client, i.e., the LTA
      never sees these values."

This approach foresees the inclusion of, correct me if I am wrong, data
necessary to re-encrypt data by a client, in order to validate the ERS generated. Now
the question here is, how can such information be trusted from a client?
It somehow breaks the point of ERS. It is true that the LTA never sees such
data, but this, IMO, does not affect the confidentiality issues, and it
does not even make sense, as the crypto material used for encryption is
usually public... Or?

Also, there is a typo on page 19: instead of "ha(1), ha(2), ha(3) are as
defined in step 4 above" it should be "ha(1), ha(2), ha(3) are as
defined in step 3 above"

A.

-------------------
SETCCE
Jamova 39
SI-1000 Ljubljana
Europe
tel: +386 1 4773505
fax: +386 1 4773911
www.setcce.si
-------------------
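The re-encryption step the quoted RFC text describes, as an added example that is not part of this message or of the ERS specification: the client retains the plaintext together with the key and IV, and verification re-encrypts deterministically and compares the hash of the result with the digest the evidence record protects. The ReencryptInfo struct and the choice of AES-CBC are assumptions for illustration only.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"fmt"
)

// ReencryptInfo: the client-held material needed to reproduce the archived
// ciphertext bit for bit (hypothetical struct; the RFC defines no such type).
type ReencryptInfo struct {
	Key []byte // AES-128 key, 16 bytes
	IV  []byte // CBC IV, 16 bytes; without it the ciphertext cannot be reproduced
}

// encryptCBC: AES-CBC with PKCS#7 padding, deterministic for a fixed key and IV.
func encryptCBC(info ReencryptInfo, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(info.Key)
	if err != nil {
		return nil, err
	}
	pad := aes.BlockSize - len(plaintext)%aes.BlockSize
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, info.IV).CryptBlocks(out, padded)
	return out, nil
}

// ArchivedDigest: the value the record's hash tree and timestamp actually protect.
func ArchivedDigest(info ReencryptInfo, plaintext []byte) ([32]byte, error) {
	ct, err := encryptCBC(info, plaintext)
	if err != nil {
		return [32]byte{}, err
	}
	return sha256.Sum256(ct), nil
}

// VerifyAgainstRecord re-encrypts the retained plaintext and compares with the
// digest bound by the record; wrong or altered re-encryption info simply fails.
func VerifyAgainstRecord(info ReencryptInfo, plaintext []byte, recordDigest [32]byte) bool {
	d, err := ArchivedDigest(info, plaintext)
	return err == nil && d == recordDigest
}
func main() {
	info := ReencryptInfo{Key: []byte("0123456789abcdef"), IV: []byte("fedcba9876543210")} // constructed
	d, _ := ArchivedDigest(info, []byte("sample plaintext"))
	fmt.Println(VerifyAgainstRecord(info, []byte("sample plaintext"), d))
}
```

Note that the re-encryption material is not what the verifier trusts: the timestamped digest is, and the material only has to reproduce the archived bytes, so a wrong key, IV or plaintext is detected as a mismatch.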