Re: ISSUE-157 on Signature 1.1 Section 4.10, proposal, proposal, please review from Frederick Hirsch on 2009-12-07 (public-xmlsec@w3.org from December 2009)

From: Frederick Hirsch <Frederick.Hirsch@nokia.com>
Date: Mon, 7 Dec 2009 09:54:46 -0500
To: ext Thomas Roessler <tlr@w3.org>
Cc: Frederick Hirsch <Frederick.Hirsch@nokia.com>, XMLSec WG Public List <public-xmlsec@w3.org>
Message-Id: <01529970-4BE4-4383-8904-BD44856204E2@nokia.com>

I like the approach.

It might make sense to keep the heading for MgmtData with the only  
content being that it is deprecated, and then add the new section.

regards, Frederick

Frederick Hirsch
Nokia



On Dec 7, 2009, at 9:47 AM, ext Thomas Roessler wrote:

> How about replacing section 4.10 with a new section "Key Agreement  
> and Derived Keys", roughly like this:
>
>> Use of the MgmtData element is deprecated.
>>
>> The <xenc:EncryptedKey> and <xenc:Agreement> elements defined in  
>> [ENC11] as children of ds:KeyInfo can be used to convey in-band key  
>> agreement information, or encrypted key material.
>
> --
> Thomas Roessler, W3C  <tlr@w3.org>
>
>
>
>
>
>
>
> On 5 Dec 2009, at 02:14, Frederick Hirsch wrote:
>
>> new issue, ISSUE-157
>>
>> section 4.10 The MgmtData Element
>> http://www.w3.org/2008/xmlsec/Drafts/xmldsig-core-11/Overview.htm#sec-MgmtData
>>
>> refers to non-existent XML Encryption WG with a place holder.
>>
>> [[ The MgmtData element within KeyInfo is a string value used to  
>> convey in-band key distribution or agreement data. For example, DH  
>> key exchange, RSA key encryption, etc. Use of this element is NOT  
>> RECOMMENDED. It provides a syntactic hook where in-band key  
>> distribution or agreement data can be placed. However, superior  
>> interoperable child elements of KeyInfo for the transmission of  
>> encrypted keys and for key agreement are being specified by the W3C  
>> XML Encryption Working Group and they should be used instead of  
>> MgmtData. ]]
>>
>> Maybe it is time we changed this :)
>>
>> How about
>>
>> [[ The MgmtData element within KeyInfo is a string value used to  
>> convey in-band key distribution or agreement data. Use of this  
>> element is NOT RECOMMENDED.
>> Key Transport algorithms conveyed as part of the ds:KeyInfo/ 
>> xenc:EncryptedKey element, as defined in the XML Encryption 1.1  
>> section on Key Transport, are to be used instead. ]]
>>
>> Can we deprecate the element in this 1.1 release? Does the proposal  
>> make sense or did I misinterpret this?
>>
>> regards, Frederick
>>
>> Frederick Hirsch
>> Nokia
>>
>>
>>
>>
>>
>

Received on Monday, 7 December 2009 14:56:05 UTC