Edit comment LC-2386 for XML Security Working Group

Quick access to LC-2386 LC-2387 LC-2420 LC-2541 LC-2542 LC-2543 LC-2544

Comment LC-2386

Comment Shortname:

Commenter: Taki Kamiya <tkamiya@us.fujitsu.com> on behalf of EXI Working Group

Message-id:

Section of the document concerned:

[Free text description]Document as a wholeXML Encryption Syntax and Processing Version 1.1 W3C Working Draft 13 May 2010 Abstract This document specifies a process for encrypting d... Status of This Document This section describes the status o... Table of Contents 1. Introduction 1.1 Editorial and Confo... 1. Introduction This document specifies a process for encry... 1.1 Editorial and Conformance Conventions This specificatio... 1.2 Design Philosophy The design philosophy and requirement... 1.3 Versions, Namespaces, URIs, and Identifiers This specif... 1.4 Acknowledgements The contributions of the following Wor... 2. Encryption Overview and Examples This section is non-nor... 2.1 Encryption Granularity Note: Examples in this document... 2.1.1 Encrypting an XML Element Smith's credit card number... 2.1.2 Encrypting XML Element Content (Elements) As an alter... 2.1.3 Encrypting XML Element Content (Character Data) Alter... 2.1.4 Encrypting Arbitrary Data and XML Documents If the ap... 2.1.5 Super-Encryption: Encrypting EncryptedData An XML doc... 2.2 EncryptedData and EncryptedKey Usage 2.2.1 EncryptedDa... 2.2.1 EncryptedData with Symmetric Key (KeyName) [s1] <E... 2.2.2 EncryptedKey (ReferenceList, ds:RetrievalMethod, Carr... 3. Encryption Syntax This section provides a detailed descr... 3.1 The EncryptedType Element EncryptedType is the abstract... 3.2 The EncryptionMethod Element EncryptionMethod is an opt... 3.3 The CipherData Element The CipherData is a mandatory el... 3.3.1 The CipherReference Element If CipherValue is not sup... 3.4 The EncryptedData Element The EncryptedData element is... 3.5 Extensions to ds:KeyInfo Element There are three ways t... 3.5.1 The EncryptedKey Element Identifer Type="http://www.... Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey" 3.5.2 The DerivedKey Element Identifier Type="http://www.w... Type="http://www.w3.org/2009/xmlenc11#DerivedKey" 3.5.3 The ds:RetrievalMethod Element The ds:RetrievalMethod... 3.6 The ReferenceList Element ReferenceList is an element t... 3.7 The EncryptionProperties Element Identifier Type="http... Type="http://www.w3.org/2001/04/xmlenc#EncryptionProperties" 4. Processing Rules This section describes the operations t... Encryptor Decryptor Application 4.1 Intended Application Model The processing rules for XML... 4.2 Well-known Type parameter values For interoperability p... element content http://www.w3.org/2009/xmlenc11#EXI 4.3 Encryption The selection of the algorithm, parameters,... 4.4 Decryption For each EncryptedData or EncryptedKey to be... 4.5 XML Encryption Encryption and decryption operations are... 4.5.1 A Decrypt Implementation (Non-normative) Where P is t... parsing context 4.5.2 A Decrypt and Replace Implementation (Non-normative)... 4.5.3 Serializing XML (Non-normative) 4.5.3.1 Default Name... 4.5.3.1 Default Namespace Considerations In Encrypting XML... 4.5.3.2 XML Attribute Considerations Similar attention betw... 4.5.4 Text Wrapping This section specifies the process for... 5. Algorithms This section discusses algorithms used with t... 5.1 Algorithm Identifiers and Implementation Requirements A... 5.1.1 Table of Algorithms The table below lists the categor... 5.2 Block Encryption Algorithms Block encryption algorithms... 5.2.1 Padding Since the data being encrypted is an arbitrar... 5.2.2 Triple DES Identifier: http://www.w3.org/2001/04/xml... http://www.w3.org/2001/04/xmlenc#tripledes-cbc 5.2.3 AES Identifier: http://www.w3.org/2001/04/xmlenc#aes... http://www.w3.org/2001/04/xmlenc#aes128-cbc http://www.w3.org/2001/04/xmlenc#aes192-cbc http://www.w3.org/2001/04/xmlenc#aes256-cbc 5.2.4 AES-GCM Identifier: http://www.w3.org/2009/xmlenc11#... http://www.w3.org/2009/xmlenc11#aes128-gcm http://www.w3.org/2009/xmlenc11#aes256-gcm 5.3 Stream Encryption Algorithms Simple stream encryption a... 5.4 Key Derivation Key derivation is a well-established mec... 5.4.1 ConcatKDF Identifier: http://www.w3.org/2009/xmlenc1... http://www.w3.org/2009/xmlenc11#ConcatKDF 5.4.2 PBKDF2 Identifier: http://www.w3.org/2009/xmlenc11#p... http://www.w3.org/2009/xmlenc11#pbkdf2 5.5 Key Transport Key Transport algorithms are public key e... 5.5.1 RSA Version 1.5 Identifier: http://www.w3.org/2001/0... http://www.w3.org/2001/04/xmlenc#rsa-1_5 5.5.2 RSA-OAEP Identifier: http://www.w3.org/2001/04/xmlen... http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p 5.6 Key Agreement A Key Agreement algorithm provides for th... 5.6.1 Diffie-Hellman Key Values Identifier: http://www.w3.... http://www.w3.org/2001/04/xmlenc#DHKeyValue 5.6.2 Diffie-Hellman Key Agreement The Diffie-Hellman (DH)... 5.6.2.1 Diffie-Hellman Key Agreement with Explicit Key Deri... http://www.w3.org/2009/xmlenc11#dh-es 5.6.2.2 Diffie-Hellman Key Agreement with Legacy Key Deriva... http://www.w3.org/2001/04/xmlenc#dh 5.6.3 Elliptic Curve Diffie-Hellman (ECDH) Key Values Iden... http://www.w3.org/2009/xmldsig11#ECKeyValue 5.6.4 Elliptic Curve Diffie-Hellman (ECDH) Key Agreement (E... http://www.w3.org/2009/xmlenc11#ECDH-ES 5.7 Symmetric Key Wrap Symmetric Key Wrap algorithms are sh... 5.7.1 CMS Triple DES Key Wrap Identifiers and Requirements... http://www.w3.org/2001/04/xmlenc#kw-tripledes 5.7.2 AES KeyWrap Identifiers and Requirements: http://www... http://www.w3.org/2001/04/xmlenc#kw-aes128 http://www.w3.org/2001/04/xmlenc#kw-aes192 http://www.w3.org/2001/04/xmlenc#kw-aes256 5.7.3 AES KeyWrap with Padding Identifiers and Requirement... http://www.w3.org/2009/xmlenc11#kw-aes-128-pad http://www.w3.org/2009/xmlenc11#kw-aes-192-pad http://www.w3.org/2009/xmlenc11#kw-aes-256-pad 5.8 Message Digest Message digest algorithms can be used in... 5.8.1 SHA1 Identifier: http://www.w3.org/2000/09/xmldsig#s... 5.8.2 SHA256 Identifier: http://www.w3.org/2001/04/xmlenc#... http://www.w3.org/2001/04/xmlenc#sha256 5.8.3 SHA384 Identifier: http://www.w3.org/2001/04/xmlenc#... http://www.w3.org/2001/04/xmlenc#sha384 5.8.4 SHA512 Identifier: http://www.w3.org/2001/04/xmlenc#... http://www.w3.org/2001/04/xmlenc#sha512 5.8.5 RIPEMD-160 Identifier: http://www.w3.org/2001/04/xml... http://www.w3.org/2001/04/xmlenc#ripemd160 5.9 Canonicalization A Canonicalization of XML is a method... 5.9.1 Inclusive Canonicalization Identifiers: http://www.w... 5.9.2 Exclusive Canonicalization Identifiers: http://www.w... 6. Security Considerations 6.1 Relationship to XML Digital... 6.1 Relationship to XML Digital Signatures The application... 6.2 Information Revealed Where a symmetric key is shared am... 6.3 Nonce and IV (Initialization Value or Vector) An undesi... 6.4 Denial of Service This specification permits recursive... 6.5 Unsafe Content XML Encryption can be used to obscure, v... 7. Conformance An implementation is conformant to this spec... 8. XML Encryption Media Type 8.1 Introduction XML Encrypti... 8.1 Introduction XML Encryption Syntax and Processing [XMLE... 8.2 application/xenc+xml Registration This is a media type... 9. Schema 9.1 XSD Schema XML Encryption Core Schema Insta... 9.1 XSD Schema XML Encryption Core Schema Instance xenc-sc... 9.2 RNG Schema This section is non-normative. Non-normative... A. References Dated references below are to the latest know... A.1 Normative references [AES] NIST FIPS 197: Advanced En... [AES] [AES-WRAP] [AES-WRAP-PAD] [ANSI-X9-44-2007] [CMS-Algorithms] [CMS-WRAP] [DES] [ESDH] [EXI] [FIPS-180-3] [FIPS-186-3] [HMAC] [NFC] [PKCS1] [PKCS5] [PKCS5Amd1] [RANDOM] [RFC2045] [RFC2119] [RIPEMD-160] [SP800-38D] [SP800-56A] [TRIPLEDES] [URI] [XML-ENCRYPTION-REQ] [XML-NAMES] [XML10] [XMLDSIG-CORE1] [XMLENC-CORE1] [XMLSCHEMA-1] [XMLSCHEMA-2] [XPATH] A.2 Informative references [Davis] Defective Sign & Encry... [Davis] [MIME-REG] [RELAXNG-SCHEMA] [SHA-1-Analysis] [SHA-1-Collisions] [Tobin] [XML-C14N] [XML-C14N11] [XML-EXC-C14N] [XML-INFOSET] [XML-MT] [XMLBASE] [XMLENC-DECRYPT] [XMLSEC-RELAXNG] [XMLSEC11-REQS]
or

Refinement of the section concerned:

Status:

open proposal pending resolved_yes resolved_no resolved_partial other assigned to Nobody

Type: substantive editorial typo question general comment undefined

Resolution status:

Response drafted Resolution implemented Reply sent to commenter

Response status:

No response from Commenter yet Commenter approved disposition Commenter objected to disposition
Commenter's response (URI):

Comment:

Section 2.1.4 "Encrypting Arbitrary Data and XML Documents" defines a way to encrypt a document as a whole, and shows an example that demonstrates the ability to encode a whole XML document. A natural corollary would be encrypting the whole EXI stream, with MimeType="application/exi", which may not necessarily
be stated there, however, I would like to confirm that such use of EXI within EncryptedData is both legal and within the expectation of the WG.

Related issues: (space separated ids)

WG Notes: The XML Security WG agreed to the proposed resolution on the comment at the teleconference held on 10 August, see http://www.w3.org/2010/08/10-xmlsec-minutes.html#item04 .

Resolution: Handling an EXI stream as an octet-stream of media type application/exi is perfectly fine. In that case, one wouldn't want to use the EXI type parameter, and would not expect EXI-specific handling of the encryptor or decryptor to apply.

(Please make sure the resolution is adapted for public consumption)