[standards-jig] XML Encryption

David Waite mass at akuma.org
Mon Mar 18 17:29:28 UTC 2002

Iain Shigeoka wrote:

>On 3/15/02 9:13 AM, "Thomas Muldowney" <temas at box5.net> wrote:
>>That's about it for now.  I want to do a larger writeup with examples of
>>usage, but I hate working on something with huge holes such as key
>>exchange and agreement.  Thoughts are welcome!
>I agree.  The problem with key exchange systems have traditionally been the
>difficulty of managing, exchanging, and maintaining the keys.  I'd probably
>suggest taking the alternate tack and trying to solve key exchange and
>agreement first.  If you can come up with a satisfying solution for it, then
>the rest will probably fall into place trivially.  Without that solution
>though, there's not too much of a point in putting signatures and encryption
>in place...
It might be that we can use the same encryption methods for all 
environments, but need key exchange mechanisms tailored to the type of 
client being written (for instance, an unsigned applet on a public 
server won't get value from anything other than a diffie-hellman style 
key exchange; because they can't make connections to a trusted third 
party, or trust the server serving up the applet any more or less than 
any other intermediary)

-David Waite

>Just my opinion.
>Do You Yahoo!?
>Get your free @yahoo.com address at http://mail.yahoo.com
>Standards-JIG mailing list
>Standards-JIG at jabber.org

More information about the Standards mailing list