OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-msg message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: [ebxml-msg] Sign and Encrypt


Arvola, David,

The envelope is not encrypted prior to signing. Payload
encryption is beyond the scope of current MS spec.
Encrypting the envelope requires the addition of 
transforms for exclusion of Via etc. that are transient in communication.
Given these, though an important need for privacy,
 we may delay specing it till v1.2 (meanwhile XML Encryption
will mature too).
Cheers,
-Suresh


-----Original Message-----
From: Arvola Chan [mailto:arvola@tibco.com]
Sent: Friday, October 26, 2001 2:17 PM
To: David Fischer; ebXML Msg
Subject: Re: [ebxml-msg] Sign and Encrypt


David:

You proposed order of signing before encrypting works only if the MSH
takes care of both signatures and encryption.

In the current Messaging spec, the MSH is responsible for signing but
not encryption. Therefore, if you are concerned with persistent encryption
of the payload portion of an ebXML message, the encryption will have to
be performed first. The encrypted payload(s) will then have to be passed to
the MSH for packaging and signing.

Regards,
-Arvola

-----Original Message-----
From: David Fischer <david@drummondgroup.com>
To: ebXML Msg <ebxml-msg@lists.oasis-open.org>
Date: Friday, October 26, 2001 12:02 PM
Subject: [ebxml-msg] Sign and Encrypt


I am looking through the spec and I don't see anywhere that says which to do
first, Sign or Encrypt.  All security protocols of which I am aware always
sign
first and then encrypt.  This may be obvious but I would like to add a note
to
this effect in section 4.1.4.5.

Note:  When both signature and encryption are required, sign first and then
encrypt.

Regards,

David Fischer
Drummond Group.


----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.oasis-open.org/ob/adm.pl>


----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.oasis-open.org/ob/adm.pl>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC