[standards-jig] XML Encryption

Thomas Muldowney temas at box5.net
Fri Mar 15 17:13:42 UTC 2002


Yet again I've been investigating the XML Encryption, XML
Signature, and XML Key Management specs from the w3.  I think they have
great potential for the Jabber world, and for helping these specs see
more public implementations.  This is really just a preliminary post on
the topic to help me gauge where I should focus when doing a more
complete write up.  So here are some thoughts to help seed this along:

My primary concern is still key exchange.  The XKMS is still young and
would add a lot of complexity to clients.  Certificates are useful, as
well as a mechanism to get them, but who is the CA?  Because we'll
actually want to encourage symmetric block algorithms, it might be
beneficial to use DH key agreement with symmetric key wrap, but we still
have the key exchange issue.  I need some help on this one =)

Overall, the XML Encryption Standard is largely usable with a few
restrictions on how it is used in Jabber.  First the <message>,
<presence>, and <iq> tags would have to remain visible when the encryption
is being used in an end to end manner (user to user for instance).  The 
whole element could be encrypted (perhaps end to end super encrypted), when
the server has a shared secret.  We'll need to make sure the required
suite of ciphers is available so there is a common ground.  There is
also potential negotiation here for the cipher set, which is not defined
clearly in the standard.  It's possible this one part could be done
using the JEP20 syntax.

I've browsed the XML Signature work, but enough to have good thoughts on
it, so comment is really welcome here.

That's about it for now.  I want to do a larger writeup with examples of
usage, but I hate working on something with huge holes such as key
exchange and agreement.  Thoughts are welcome!

--temas
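
Added example, not part of the original post and not code from the author or any Jabber project: a Node.js sketch of the layout discussed above, with DH agreement producing a key-encryption key, an AES key wrap around a per-stanza content key, and the `<message>` routing attributes left visible around an XML Encryption `EncryptedData` child. The function names, JIDs and the SHA-256 key derivation are assumptions made for illustration.

```javascript
// Added illustration. sealStanza, openStanza, deriveKek and the JIDs are
// hypothetical names; the sample payload is constructed.
const crypto = require('crypto');

const XENC = 'http://www.w3.org/2001/04/xmlenc#';
const KW_IV = Buffer.from('A6A6A6A6A6A6A6A6', 'hex'); // RFC 3394 default IV

// Simplified KEK derivation (assumption): SHA-256 of the DH secret, first 16 bytes.
// XML Encryption specifies its own digest-based derivation for DH agreement.
function deriveKek(own, peerPublic) {
  return crypto.createHash('sha256').update(own.computeSecret(peerPublic)).digest().subarray(0, 16);
}

function sealStanza(from, to, payloadXml, kek) {
  const cek = crypto.randomBytes(16); // fresh content key per stanza
  const wrap = crypto.createCipheriv('aes128-wrap', kek, KW_IV);
  const wrapped = Buffer.concat([wrap.update(cek), wrap.final()]);
  const iv = crypto.randomBytes(16);
  const enc = crypto.createCipheriv('aes-128-cbc', cek, iv);
  const body = Buffer.concat([iv, enc.update(payloadXml, 'utf8'), enc.final()]);
  // Routing attributes stay in the clear; only the child content is replaced.
  return `<message from='${from}' to='${to}'>` +
    `<EncryptedData xmlns='${XENC}' Type='${XENC}Content'>` +
    `<EncryptionMethod Algorithm='${XENC}aes128-cbc'/>` +
    `<KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'>` +
    `<EncryptedKey xmlns='${XENC}'><EncryptionMethod Algorithm='${XENC}kw-aes128'/>` +
    `<CipherData><CipherValue>${wrapped.toString('base64')}</CipherValue></CipherData>` +
    `</EncryptedKey></KeyInfo>` +
    `<CipherData><CipherValue>${body.toString('base64')}</CipherValue></CipherData>` +
    `</EncryptedData></message>`;
}

function openStanza(stanzaXml, kek) {
  // Regex extraction suits this fixed layout only; a real client needs an XML parser.
  const [wrapped, body] = [...stanzaXml.matchAll(/<CipherValue>([^<]+)<\/CipherValue>/g)]
    .map(m => Buffer.from(m[1], 'base64'));
  const unwrap = crypto.createDecipheriv('aes128-wrap', kek, KW_IV);
  const cek = Buffer.concat([unwrap.update(wrapped), unwrap.final()]); // throws on a wrong KEK
  const dec = crypto.createDecipheriv('aes-128-cbc', cek, body.subarray(0, 16));
  return Buffer.concat([dec.update(body.subarray(16)), dec.final()]).toString('utf8');
}

function demo() {
  const alice = crypto.getDiffieHellman('modp14');
  const bob = crypto.getDiffieHellman('modp14');
  alice.generateKeys(); bob.generateKeys();
  const stanza = sealStanza('alice@example.org', 'bob@example.org',
    '<body>hello</body>', deriveKek(alice, bob.getPublicKey()));
  return { stanza, plain: openStanza(stanza, deriveKek(bob, alice.getPublicKey())) };
}
```

The DH public values here are exchanged unauthenticated, which is exactly the open key exchange question the post raises: without a certificate or other binding, neither side knows whose key it agreed with.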

