This document:Public document·View comments·Disposition of Comments·
Nearby:XML Security Working Group Other specs in this tool
Status: allopen proposal pending resolved_yes resolved_no resolved_partial other Type: allsubstantive editorial typo question general comment undefined
Quick access to LC-2386 LC-2387 LC-2420 LC-2541 LC-2542 LC-2543 LC-2544
There are 7 comments (sorted by their types, and the section they are about).
Section 2.1.4 "Encrypting Arbitrary Data and XML Documents" defines a way to encrypt a document as a whole, and shows an example that demonstrates the ability to encode a whole XML document. A natural corollary would be encrypting the whole EXI stream, with MimeType="application/exi", which may not necessarily be stated there, however, I would like to confirm that such use of EXI within EncryptedData is both legal and within the expectation of the WG.
The example in section 2.2.1 is broken: [s1] <EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#' Type='http://www.w3.org/2001/04/xmlenc#Element'/> The closing slash is one too many. http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/#sec-eg-Symmetric-Key Regards, -- Thomas Roessler, W3C <tlr@w3.org> (@roessler)
Section 4.2 "Well-known Type parameter values" defines a reserved value for EXI. It also states that: "Encryptors and Decryptors should handle unknown or empty Type attribute values as a signal that the cleartext is to be handled as an opaque octet-stream, whose specific processing is up to the invoking application. In this case, the Type, MimeType and Encoding parameters should be treated as opaque data whose appropriate processing is up to the application." It is not clear to me what is expected of a processor that does not implement EXI have encountered Type value of "http://www.w3.org/2009/xmlenc11#EXI". Since the value "http://www.w3.org/2009/xmlenc11#EXI" is well-known, the quoted paragraph does not seem to apply to the value. When I think that the encryption of EXI stream as a whole is covered by section 2.1.4, I start to wonder what the mention of EXI in section 4.2 would add beyond that in terms of function. It appears as though the two mechanisms are functionally same with regards to how they relate to EXI, since both provide ways to encrypt and contain EXI streams within XML.
Is the definition of PRFAlgorithmIdentifierType correct? In my understanding, it prohibits Parameters elements. oXygen (and probably Xerces) agrees with me.
xenc-schema-11.xsd does not import xmldsig11-schema.xsd but rather import xmldsigschema.xsd. However, XML Encryption 1.1 normatively references to XML Signature 1.1 rather than 1.0. Which is correct?
I do not understand the note: Note that the same URI is used to identify base64 both in "encoding" context (e.g. when needed within a CipherValue element) as well as in "transform" context (when identifying a base64 transform)." in XML Encryption 1.1. The CipherValue element does not have the Algorithm attribute. Why can the URI http://www.w3.org/2000/09/xmldsig#base64 be used for encoding?
XML Encryption Syntax and Processing Version 1.1 references to itself as a normative reference.
Add a comment.