I am preparing to write up some thoughts on an initial I-D for XML
Digital Signatures and Encryption in Atom and wanted to get some initial
thoughts from the group on a few syntax issues starting first with some
encryption thoughts:
Below are a few snippets of feeds with different encryptions each with
their own distinct issues.
1. No encryption (potentially encrypted in transport using SSL/TLS)
<feed>
<entry>
<content type="text">this is some content</content>
</entry>
</feed>
2. Text content of #1 is encrypted.
<feed>
<entry>
<content type="???">
<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"
type="http://www.w3.org/2001/04/xmlenc#Content">
<CipherData>
<CipherValue><!-- cipher of "this is some content"
--></CipherValue>
</CipherData>
</EncryptedData>
</content>
</entry>
</feed>
What should the value of the type attribute be in this case? A strict
reading of the Atom spec would dictate a value of "xml", but doing so
would cause us to lose the content type of the unencrypted content. A
simple solution would be to introduce a new extension attribute on the
content element that captures the type of the unencrypted content.
e.g. <content type="xml" enc:type="text"><EncryptedData
...>...</EncryptedData></content>
3. Content metadata element is encrypted
<feed>
<entry>
<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"
type="http://www.w3.org/2001/04/xmlenc#Element">
<CipherData>
<CipherValue><!-- cipher of "<content type="text">this is
some content</content>" --></CipherValue>
</CipherData>
</EncryptedData>
</entry>
</feed>
In this case, the metadata elements themselves are encrypted opening
the obvious issue that all of the encrypted elements need to be
decrypted in order to perform the processing of the Atom elements. In
other words, you wouldn't be able to validate that an entry is
conformant until you decrypted everything.
4. Entry element is encrypted
<feed>
<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"
type="http://www.w3.org/2001/04/xmlenc#Element">
<CipherData>
<CipherValue><!-- cipher of "<entry>...</entry>"
--></CipherValue>
</CipherData>
</EncryptedData>
</feed>
Same basic issue as #3 only not so bad.
5. Entire feed is encrypted
<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"
type="http://www.w3.org/2001/04/xmlenc#Element">
<CipherData>
<CipherValue><!-- cipher of "<feed>...</feed>" --></CipherValue>
</CipherData>
</EncryptedData>
Simple and too the point. The only challenge is how we identify this
as being an encrypted Atom feed. It does not conform to the rules of
the application/atom+xml media type. Perhaps a new
application/atomenc+xml media type could be used or is there a better way?
Thoughts?
- James