
Subject: RE: [wss] Attachment Profile Question/Comment


Blake

This is a good comment.

I believe, however, it is still possible to create cases where the order of encryption/decryption cannot be clear from stacking. I'll put together an example.


regards, Frederick

Frederick Hirsch
Nokia



> -----Original Message-----
> From: ext Blake Dournaee [mailto:blake@sarvega.com]
> Sent: Thursday, June 24, 2004 3:01 PM
> To: 'DeMartini, Thomas'; Hirsch Frederick (Nokia-TP/Boston);
> wss@lists.oasis-open.org
> Subject: [wss] Attachment Profile Question/Comment
> 
> 
> All,
> 
> I had a comment/question regarding the WSS SwA profile.
> 
> In section 2.3, the motivation for the decryption transform is driven in
> part by the use of dual <S11:Header> elements. It seems to me that the order
> of digital signatures and encryption can indeed be discerned if the
> operations are "stacked" (operations are pre-pended) inside a single
> <S11:Header>/<wsse:Security> element, similar to what is done for pure WSS.
> 
> My concern here is that people reading this specification will assume
> (wrongly) that in order to meet the profile for signing and encryption of
> attachments they must (a) use a distinct header block for each operation and
> (b) use the decryption transform in all cases.
> 
> Can we make a clarification regarding signing and encryption of attachments?
> I personally would like to see some text that describes the case where
> signing and encryption of attachments is done within a single
> <wsse:Security> block, with subsequent operations pre-pended, thus
> eliminating the need for the decryption transform. Unless I am missing
> something the example given in 2.2.3 may be overly complicated from the
> paradigm case.
> 
> Regards,
> 
> Blake Dournaee
> Senior Security Architect
> Sarvega, Inc.
> 
> 
> 
> 
> 


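The "stacking" reading discussed in this thread, as an added example that is not part of either message or of the WSS specifications: it reads one attachment's operations from a single `<wsse:Security>` block in document order (the receiver's order) and reverses them to get the sender's order. The envelope is constructed sample data, the function names are hypothetical, the `xenc:EncryptedKey` that would normally accompany the `xenc:EncryptedData` is omitted, and returning `None` when more than one block touches the attachment is an assumption modelling the multiple-header case the question mentions.

```python
import xml.etree.ElementTree as ET

NS = {
    "S11": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}

# Constructed sample: the sender signed attachment cid:att1, then encrypted it,
# prepending each new element to the single <wsse:Security> block.
SAMPLE = f"""<S11:Envelope xmlns:S11="{NS['S11']}" xmlns:wsse="{NS['wsse']}"
    xmlns:ds="{NS['ds']}" xmlns:xenc="{NS['xenc']}">
 <S11:Header><wsse:Security>
  <xenc:EncryptedData><xenc:CipherData>
    <xenc:CipherReference URI="cid:att1"/></xenc:CipherData></xenc:EncryptedData>
  <ds:Signature><ds:SignedInfo>
    <ds:Reference URI="cid:att1"/></ds:SignedInfo></ds:Signature>
 </wsse:Security></S11:Header><S11:Body/>
</S11:Envelope>"""

def operations(security):
    """Yield (receiver operation, referenced URIs) per child, in document order."""
    for child in security:
        if child.tag == f"{{{NS['ds']}}}Signature":
            refs = child.findall("ds:SignedInfo/ds:Reference", NS)
            yield "verify", [r.get("URI") for r in refs]
        elif child.tag == f"{{{NS['xenc']}}}EncryptedData":
            refs = child.findall("xenc:CipherData/xenc:CipherReference", NS)
            yield "decrypt", [r.get("URI") for r in refs]

def attachment_order(envelope_xml, cid):
    """Receiver and sender order for one attachment, read from stacking."""
    root = ET.fromstring(envelope_xml)
    blocks = root.findall("S11:Header/wsse:Security", NS)
    touching = [[op for op, uris in operations(b) if cid in uris] for b in blocks]
    touching = [ops for ops in touching if ops]
    if len(touching) != 1:
        # Zero or several blocks touch the attachment: stacking inside one
        # block does not settle the order (assumption, see lead-in).
        return None
    receiver = touching[0]
    inverse = {"verify": "sign", "decrypt": "encrypt"}
    sender = [inverse[op] for op in reversed(receiver)]
    return {"receiver": receiver, "sender": sender}
```
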