[standards-jig] XML Encryption

Thomas Muldowney temas at box5.net
Mon Mar 18 18:22:00 UTC 2002


I would love to try and solve these, but I'm seriously stuck on them. 
We can't place trust in the servers, we can't place trust in a major 3rd
party in a highly distributed system, and we can't trust the users. 
Where's the trust?  Yes, there are scenarios where you do have a trusted
entity (such as a company with an internal CA), but for common users
this will not be there.  I'm not sure where to look and I'm really
asking for more comment on it =)

As to the key agreement side it's not that bad once we have some method
of passing the trusted keys.  DH Key agreement works great after that
and is already listed in teh XML Encryption standard.

--temas


On Mon, 2002-03-18 at 11:17, Iain Shigeoka wrote:
> On 3/15/02 9:13 AM, "Thomas Muldowney" <temas at box5.net> wrote:
> 
> > That's about it for now.  I want to do a larger writeup with examples of
> > usage, but I hate working on something with huge holes such as key
> > exchange and agreement.  Thoughts are welcome!
> 
> I agree.  The problem with key exchange systems have traditionally been the
> difficulty of managing, exchanging, and maintaining the keys.  I'd probably
> suggest taking the alternate tack and trying to solve key exchange and
> agreement first.  If you can come up with a satisfying solution for it, then
> the rest will probably fall into place trivially.  Without that solution
> though, there's not too much of a point in putting signatures and encryption
> in place...
> 
> Just my opinion.
> 
> -iain
> 
> 
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com
> 
> _______________________________________________
> Standards-JIG mailing list
> Standards-JIG at jabber.org
> http://mailman.jabber.org/listinfo/standards-jig





More information about the Standards mailing list