Subject: RE: [wss] Determining the Order of Decryption and Signature Validation
Ok, I will try one more time.

I had completely overlooked section 9.1 which specifies that for the purposes of WSS a standalone ReferenceList can be used to point to EncryptedData in the symmetric key case, just as the EncryptedKey is used to point to the EncryptedData in the asymmetric key case.

Therefore we don't have to use CipherReference at all (for anything in the soap envelope). The EncryptedData can appear in line. The relative order, within the security header, of either the EncryptedKey or ReferenceList, with respect to the Signature determines the order of processing.

This seems simpler than my previous proposal. It does create the possibility of various ambiguous cases involving multiple ReferenceList elements or EncryptedKey elements that point to the same EncryptedData, but I guess we can either define rules for handling them or make them illegal.

Hal
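The ordering rule and the ambiguity raised in the message above can be checked mechanically. The following is an added example, not part of the original message or of the WSS specification: it assumes a receiver handles the security header's children in document order, matches the `Security` element by local name only, and uses a constructed envelope with key and cipher content omitted.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: enc1 is referenced by a standalone ReferenceList AND by an EncryptedKey.
SAMPLE = """<Envelope xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <Header><Security>
   <xenc:ReferenceList><xenc:DataReference URI="#enc1"/></xenc:ReferenceList>
   <ds:Signature><ds:SignedInfo><ds:Reference URI="#body"/></ds:SignedInfo></ds:Signature>
   <xenc:EncryptedKey><xenc:ReferenceList>
     <xenc:DataReference URI="#enc1"/><xenc:DataReference URI="#enc2"/>
   </xenc:ReferenceList></xenc:EncryptedKey>
 </Security></Header>
 <Body Id="body"><xenc:EncryptedData Id="enc1"/><xenc:EncryptedData Id="enc2"/></Body>
</Envelope>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def processing_plan(envelope_xml):
    """Return (steps, ambiguous): steps in header order, and EncryptedData ids
    claimed by more than one ReferenceList/EncryptedKey, with header positions."""
    # For untrusted messages use a hardened XML parser; plain ElementTree is fine for this sample.
    root = ET.fromstring(envelope_xml)
    security = next(e for e in root.iter() if local(e.tag) == "Security")
    steps, owners = [], defaultdict(list)
    for pos, child in enumerate(security):
        if child.tag == f"{{{DS}}}Signature":
            steps.append(("verify", []))
        elif child.tag in (f"{{{XENC}}}EncryptedKey", f"{{{XENC}}}ReferenceList"):
            # iter() also finds DataReference nested under EncryptedKey/ReferenceList
            ids = [r.get("URI", "").lstrip("#") for r in child.iter(f"{{{XENC}}}DataReference")]
            steps.append(("decrypt", ids))
            for i in set(ids):
                owners[i].append(pos)
    ambiguous = {i: p for i, p in owners.items() if len(p) > 1}
    return steps, ambiguous

if __name__ == "__main__":
    steps, ambiguous = processing_plan(SAMPLE)
    for n, (action, ids) in enumerate(steps):
        print(n, action, ids)
    print("ambiguous:", ambiguous)
```

A receiver that chooses to "make them illegal" would reject the message whenever `ambiguous` is non-empty, before any decryption or signature validation is attempted.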