Subject: RE: [wss] Attachments Profile
Here are a few comments to help fill in the details for the attachment decryption transform.
a) Section 1.1.2: Table: mdcrypt should not have #MIME at the end. Suggest changing prefix to just “dcrpt”.
b) New section 2.1.1.4 needed to define the attachment decrypt transform URI (http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-swa-profile-1.0#attachment-decrypt) as a transform that takes an octet stream as input and produces an octet stream as output representing the decryption of the input attachment according to all of the encryption information in the security headers except for those called out using mdcrpt:Except as specified in W3C Decryption Transform.
c) Section 2.3: Both Examples: Need to be updated to use new URI from b).
d) Section 2.3: Second Example: The mdcrpt:Except/@URI should be changed to dcrpt:Except/@URI and should have value “#foo_Part” rather than “cid:foo” to refer to an xenc:EncryptedData element.
&Thomas.
-----Original Message-----
2) Added new Decryption Transform mode for MIME parts - the Decryption Transform is a
W3C recommendation [4] that allows a receiver to determine which
encrypted content must first be decrypted before signature verification. This
is done by specifying what does not need to be decrypted (i.e. what encrypted
content is covered by the signature). An additional mode may be suitable
for attachments since the SwA proposal uses ciphertext in attachments instead
of <xenc:EncryptedData> elements. Defined namespace prefix for this mode.
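
Added example, not part of the original messages or of the profile draft: Python that works out, for each signed attachment, which xenc:EncryptedData elements a receiver decrypts before checking the digest, and rejects a dcrpt:Except/@URI that does not resolve to an xenc:EncryptedData (point d above). The sample header, the names `header` and `decrypt_plan`, and the rule that an EncryptedData applies to the attachment named by its CipherReference are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

NS = {"ds": "http://www.w3.org/2000/09/xmldsig#",
      "xenc": "http://www.w3.org/2001/04/xmlenc#",
      "dcrpt": "http://www.w3.org/2002/07/decrypt#"}
# Transform URI exactly as written in point b); the XX placeholders are the draft's.
ATTACHMENT_DECRYPT = ("http://docs.oasis-open.org/wss/2004/XX/"
                      "oasis-2004XX-wss-swa-profile-1.0#attachment-decrypt")

def header(except_uri):
    """Constructed sample header: two encrypted attachments, two signed references."""
    return f"""<Security xmlns:ds="{NS['ds']}" xmlns:xenc="{NS['xenc']}"
                         xmlns:dcrpt="{NS['dcrpt']}">
      <xenc:EncryptedData Id="foo_Part"><xenc:CipherData>
        <xenc:CipherReference URI="cid:foo"/></xenc:CipherData></xenc:EncryptedData>
      <xenc:EncryptedData Id="bar_Part"><xenc:CipherData>
        <xenc:CipherReference URI="cid:bar"/></xenc:CipherData></xenc:EncryptedData>
      <ds:Reference URI="cid:foo"><ds:Transforms>
        <ds:Transform Algorithm="{ATTACHMENT_DECRYPT}">
          <dcrpt:Except URI="{except_uri}"/></ds:Transform></ds:Transforms></ds:Reference>
      <ds:Reference URI="cid:bar"><ds:Transforms>
        <ds:Transform Algorithm="{ATTACHMENT_DECRYPT}"/></ds:Transforms></ds:Reference>
    </Security>"""

def decrypt_plan(header_xml):
    """Map each signed attachment URI to the EncryptedData Ids to decrypt before digesting."""
    root = ET.fromstring(header_xml)
    # Assumption: an EncryptedData applies to the attachment its CipherReference names.
    enc = {e.get("Id"): e.find("xenc:CipherData/xenc:CipherReference", NS).get("URI")
           for e in root.iterfind(".//xenc:EncryptedData", NS)}
    plan = {}
    for ref in root.iterfind(".//ds:Reference", NS):
        for t in ref.iterfind("ds:Transforms/ds:Transform", NS):
            if t.get("Algorithm") != ATTACHMENT_DECRYPT:
                continue
            excepted = set()
            for ex in t.iterfind("dcrpt:Except", NS):
                uri = ex.get("URI", "")
                # Point d): Except names an xenc:EncryptedData by fragment ("#foo_Part"),
                # not the MIME part ("cid:foo"). Fail closed on anything unresolvable.
                if not uri.startswith("#") or uri[1:] not in enc:
                    raise ValueError(f"unresolvable dcrpt:Except URI: {uri!r}")
                excepted.add(uri[1:])
            plan[ref.get("URI")] = [i for i, target in enc.items()
                                    if target == ref.get("URI") and i not in excepted]
    return plan

if __name__ == "__main__":
    print(decrypt_plan(header("#foo_Part")))
```

With "#foo_Part" excepted, cid:foo is digested as ciphertext while cid:bar is decrypted first; passing "cid:foo" as the Except URI raises instead of silently decrypting everything.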