On Fri, 2005-07-01 at 16:13 -0400, Sam Hartman wrote: > Paul, two points. > > For me to be happy, your specification must mandate that xmldsig be > used whenever encryption is used. > > As a consequence of this and your decision not to support MACs, then > in order to encrypt a document, you must sign it. In addition, in > order to accept this encrypted document, the recipient must be able to > verify your signature. > > Please confirm with the working group that these requirements are > acceptable. In particular this forbids the case where I submit an > entry encrypted to some third party who I don't share a PKI with.
An aweful lot of 'must's there Sam, for one persons view? I see no reason to using signing, just because I choose to encrypt? Sounds a bit too corner case for my liking. DaveP
