[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Tentative Conclusion on XML Design Question

To: hannes.tschofenig@xxxxxxx
Subject: Tentative Conclusion on XML Design Question
From: Hannes Tschofenig <Hannes.Tschofenig@xxxxxxx>
Date: Thu, 21 Feb 2008 13:31:57 +0200
Cc: ietf-xml-use@xxxxxxx, xml-dir@xxxxxxxx, keyprov@xxxxxxxx
In-reply-to: <B1E0D83E059A1D4FB52A93E488D7AD8F46ED8D@xxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-xml-use/mail-archive/>
List-id: <ietf-xml-use.imc.org>
List-unsubscribe: <mailto:ietf-xml-use-request@imc.org?body=unsubscribe>
References: <B1E0D83E059A1D4FB52A93E488D7AD8F46ED8D@xxxxxxxxxxxxxxxxxxxxxx>
Reply-to: Hannes.Tschofenig@xxxxxxx
Sender: owner-ietf-xml-use@xxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.9 (Windows/20071031)


Hi all,

after our interim meeting I posted the mail below to the XML directoratemailing list. I got three responses for variant A so far, namely:

* Tim Bray:http://www.ietf.org/mail-archive/web/xml-dir/current/msg00174.html

* Phil Shafer:http://www.ietf.org/mail-archive/web/xml-dir/current/msg00176.html


* Andrew Newton (offlist):

-----

Without much background on the trade-offs and why each is beingproposed, it is hard to tell which is better.


I do prefer variant A just because it seems simpler.

-andy

-----

Ciao
Hannes


hannes.tschofenig@xxxxxxx wrote:

Hi all,

last week we had our IETF KEYPROV interim meeting and among many
security related issue we also ran into XML design questions. Hence, I
would like to solicit feedback from XML experts. In short, there seem to
be (at least two) ways to construct the XML schema to express that a key
contains of a secret and has a couple of meta data associated with it.
We would like to utilize XML encryption to selectively protect some of

the elements.

Here are snippets from the two instance files:

* VARIANT A
===========

<Key ....>

    <Secret>
        <EncryptedValue>
            <xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes128"/>
            <xenc:CipherData>

<xenc:CipherValue>rf4dx3rvEPO0vKtKL14NbeVu8nk=</xenc:CipherValue>

            </xenc:CipherData>
        </EncryptedValue>
    </Secret>
    <Counter>
        <PlainValue>1234</PlainValue>
    </Counter>

</Key>


* VARIANT B
===========

<Key ...>

    <Data Name="SECRET">
        <EncryptedValue>
            <xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes128"/>
            <xenc:CipherData>

<xenc:CipherValue>rf4dx3rvEPO0vKtKL14NbeVu8nk=</xenc:CipherValue>

            </xenc:CipherData>
        </EncryptedValue>
    </Data>
    <Data Name="COUNTER">
        <PlainValue>1234</PlainValue>
    </Data>
</Key>

I have put the schema/instance documents here:http://www.tschofenig.com/xml/


The KEYPROV working group would appreciate your input. Please let us

know which variant we should pick.

Ciao
Hannes

PS: I have simplified the schema to make it more convenient for you to

focus on the relevant parts._______________________________________________

KEYPROV mailing list
KEYPROV@xxxxxxxx
http://www.ietf.org/mailman/listinfo/keyprov

Follow-Ups:
- RE: Tentative Conclusion on XML Design Question
  - From: Larry Masinter

Prev by Date: CFP: E-Service Environments **deadline extended to Oct 30**
Next by Date: RE: Tentative Conclusion on XML Design Question
Previous by thread: CFP: E-Service Environments **deadline extended to Oct 30**
Next by thread: RE: Tentative Conclusion on XML Design Question
Index(es):
- Date
- Thread