OASIS Mailing List Archives

Subject: Re: [wss] Issue 206 - Decryption by Intermediaries


At 07:40 AM 11/3/2003, Hal Lockhart wrote:
>I volunteered because I thought I understood this one, but now I am really
>scratching my head. My best guess is that the first sentence is missing a
>"not".


I think the intention of the current text concerns targeted intermediaries.
Specifically it is unspecified whether or not they replace decrypted
elements of the message with the decrypted elements when they pass the
message to the next SOAP node. Since this isn't specified, an out-of-band
agreement needs to be made.


>Current text:
>
>Parts of a SOAP message may be encrypted in such a way that they can be
>decrypted by an intermediary that is targeted by one of the SOAP headers.
>Consequently, the exact behavior of intermediaries with respect to encrypted
>data is undefined and requires an out-of-band agreement.
>
>Corrected? text:
>
>Parts of a SOAP message may be encrypted in such a way that they can be
>decrypted by an intermediary that is not targeted by one of the SOAP
>headers. Consequently, the exact behavior of intermediaries with respect to
>encrypted data is undefined and requires an out-of-band agreement.
>
>---
>
>I believe intermediaries that are targeted must follow the SOAP processing
>rules and process the entire header and remove it. However "Active"
>intermediaries will not follow this pattern.
>
>I suggest we add the following text following the above:
>
>For example, an Active Intermediary might temporarily decrypt some data in
>order to verify a signature or inspect the data, but forward the data in
>encrypted form. Alternatively an intermediary might decrypt some data and
>leave signature verification for the targeted node.
>---
>
>Does anybody disagree about the missing "not"? If so, do you have any idea
>what the second sentence is referring to?
>
>Hal