[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [wss] Attachment Profile Question/Comment
Blake This is a good comment. I believe, however, it is still possible to create cases where order of encryption decryption cannot be clear from stacking. I'll put together an example. regards, Frederick Frederick Hirsch Nokia > -----Original Message----- > From: ext Blake Dournaee [mailto:blake@sarvega.com] > Sent: Thursday, June 24, 2004 3:01 PM > To: 'DeMartini, Thomas'; Hirsch Frederick (Nokia-TP/Boston); > wss@lists.oasis-open.org > Subject: [wss] Attachment Profile Question/Comment > > > All, > > I had a comment/question regarding the WSS SwA profile. > > In section 2.3, the motivation for the decryption transform > is driven in > part by the use of dual <S11:Header> elements. It seems to me > that the order > of digital signatures and encryption can indeed be discerned if the > operations are "stacked" (operations are pre-pended) inside a single > <S11:Header>/<wsse:Security> element, similar to what is done > for pure WSS. > > My concern here is that people reading this specification will assume > (wrongly) that in order to meet the profile for signing and > encryption of > attachments they must (a) use a distinct header block for > each operation and > (b) use the decryption transform in all cases. > > Can we make a clarification regarding signing and encryption > of attachments? > I personally would like to see some text that describes the case where > signing and encryption of attachments is done within a single > <wsse:Security> block, with subsequent operations pre-pended, thus > eliminating the need for the decryption transform. Unless I am missing > something the example given in 2.2.3 may be overly > complicated from the > paradigm case. > > Regards, > > Blake Dournaee > Senior Security Architect > Sarvega, Inc. > > > > > > To unsubscribe from this mailing list (and be removed from > the roster of the OASIS TC), go to > http://www.oasis-open.org/apps/org/workgroup/wss/members/leave > _workgroup.php. > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]