OASIS Mailing List Archives
wss message



Subject: RE: [wss] Determining the Order of Decryption and Signature Validation


Ok, I will try one more time.

I had completely overlooked section 9.1 which specifies that for the
purposes of WSS a standalone ReferenceList can be used to point to
EncryptedData in the symmetric key case, just as the EncryptedKey is used to
point to the EncryptedData in the asymmetric key case.

Therefore we don't have to use CipherReference at all (for anything in the
SOAP envelope). The EncryptedData can appear inline. The relative order,
within the security header, of either the EncryptedKey or ReferenceList,
with respect to the Signature determines the order of processing.

This seems simpler than my previous proposal.

It does create the possibility of various ambiguous cases involving multiple
ReferenceList elements or EncryptedKey elements that point to the same
EncryptedData, but I guess we can either define rules for handling them or
make them illegal.

Hal
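As an added illustration of the rule Hal describes (not code from the thread or from any OASIS specification), the following Python walks the direct children of a wsse:Security header in document order, turns each EncryptedKey or standalone ReferenceList into a decryption step over the EncryptedData it references and each ds:Signature into a verification step, and separately reports the ambiguous case he raises at the end: an EncryptedData URI that more than one EncryptedKey or ReferenceList points to. The sample header is constructed for the example; the function names and the wsse namespace URI are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# xenc and ds are the W3C XML Encryption / XML Signature namespaces.
# The wsse URI is the OASIS WSS 1.0 secext namespace (assumed for this example).
NS = {
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSSE = "{%s}" % NS["wsse"]
XENC = "{%s}" % NS["xenc"]
DS = "{%s}" % NS["ds"]


def _security_element(xml_text):
    """Accept either a bare wsse:Security element or a document containing one."""
    root = ET.fromstring(xml_text)
    if root.tag == WSSE + "Security":
        return root
    sec = root.find(".//wsse:Security", NS)
    if sec is None:
        raise ValueError("no wsse:Security header found")
    return sec


def _data_reference_uris(elem):
    """URIs of every xenc:DataReference under elem (an EncryptedKey carries its
    ReferenceList as a child; a standalone ReferenceList carries them directly)."""
    return [ref.get("URI") for ref in elem.iter(XENC + "DataReference")]


def processing_order(security_header_xml):
    """Return the receiver's processing steps in document order: ('decrypt', uris)
    for each EncryptedKey or standalone ReferenceList, ('verify', uris) for each
    ds:Signature. The relative position of these siblings is what fixes the order."""
    steps = []
    for child in _security_element(security_header_xml):
        if child.tag in (XENC + "EncryptedKey", XENC + "ReferenceList"):
            steps.append(("decrypt", _data_reference_uris(child)))
        elif child.tag == DS + "Signature":
            uris = [r.get("URI") for r in child.iter(DS + "Reference")]
            steps.append(("verify", uris))
    return steps


def ambiguous_references(security_header_xml):
    """EncryptedData URIs claimed by more than one EncryptedKey or ReferenceList.
    A receiver cannot tell which key or which position governs such a reference,
    so a policy either rejects the header or applies an explicit rule for it."""
    counts = Counter()
    for child in _security_element(security_header_xml):
        if child.tag in (XENC + "EncryptedKey", XENC + "ReferenceList"):
            counts.update(set(_data_reference_uris(child)))
    return sorted(uri for uri, n in counts.items() if n > 1)


# Constructed sample header: EncryptedKey -> Signature -> standalone ReferenceList,
# with the ReferenceList pointing at the same EncryptedData as the EncryptedKey.
SAMPLE_HEADER = """<wsse:Security
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <xenc:EncryptedKey>
    <xenc:ReferenceList><xenc:DataReference URI="#enc-body"/></xenc:ReferenceList>
  </xenc:EncryptedKey>
  <ds:Signature>
    <ds:SignedInfo><ds:Reference URI="#body"/></ds:SignedInfo>
  </ds:Signature>
  <xenc:ReferenceList><xenc:DataReference URI="#enc-body"/></xenc:ReferenceList>
</wsse:Security>"""

if __name__ == "__main__":
    for step, uris in processing_order(SAMPLE_HEADER):
        print(step, uris)
    print("ambiguous:", ambiguous_references(SAMPLE_HEADER))
```

Running it on the sample yields decrypt, verify, decrypt, and flags `#enc-body` as ambiguous, which is exactly the multiple-reference situation a receiver-side policy has to either resolve by rule or reject.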


