Subject: Re: [wss] Issue 206 - Decryption by Intermediaries
At 07:40 AM 11/3/2003, Hal Lockhart wrote:
>I volunteered because I thought I understood this one, but now I am really
>scratching my head. My best guess is that the first sentence is missing a
>"not".

I think the intention of current text concerns targeted intermediaries. Specifically it is unspecified whether or not they replace decrypted elements of the message with the decrypted elements when they pass the message to the next SOAP node. Since this isn't specified an out-of-band agreement needs to be made.

>Current text:
>
>Parts of a SOAP message may be encrypted in such a way that they can be
>decrypted by an intermediary that is targeted by one of the SOAP headers.
>Consequently, the exact behavior of intermediaries with respect to encrypted
>data is undefined and requires an out-of-band agreement.
>
>Corrected? text:
>
>Parts of a SOAP message may be encrypted in such a way that they can be
>decrypted by an intermediary that is not targeted by one of the SOAP
>headers. Consequently, the exact behavior of intermediaries with respect to
>encrypted data is undefined and requires an out-of-band agreement.
>
>---
>
>I believe intermediaries that are targeted must follow the SOAP processing
>rules and process the entire header and remove it. However "Active"
>intermediaries will not follow this pattern.
>
>I suggest we add the following text following the above:
>
>For example, an Active Intermediary might temporarily decrypt some data in
>order to verify a signature or inspect the data, but forward the data in
>encrypted form. Alternatively an intermediary might decrypt some data and
>leave signature verification for the targeted node.
>---
>
>Does anybody disagree about the missing "not"? If so, do you have any idea
>what the second sentence is referring to?
>
>Hal