[Resulting text:
http://www.w3.org/Encryption/2001/Drafts/xmlenc-core/
$Revision: 1.237 $ on $Date: 2002/08/19 19:57:54 $ GMT
]
On Thursday 08 August 2002 06:07 pm, Larry Masinter wrote:
I'm a little concerned about allowing arbitrary charset
values for the entire application/xml+enc body, though,
when any encrypted data are always UTF-8 encoded.
The encrypted data are always UTF-8 encoded when the data being encrypted is
XML, but may not be for other media type. Additionally, this doesn't apply
to the EncryptedData XML document itself (e.g., the KeyName example given
by Martin). We have no additional constraints on an EncryptedData or
EncryptedKey instance. It's generic XML.
Again, I would prefer if the reference were more explicit
about exactly was 'the same'.
This bit now reads, "Published specification: [XML-Encryption] " (It's kind
of a odd for a spec to have references to itself, but so be it...)
You might even note that because
encrypted data is encoded in base64 that encrypted data
may have different encoding requirements than the data
it replaces.
Yep, that's why the introduction says, "Additionally it allows applications
cognizant of this media-type (even if they are not XML Encryption
implementations) to note that the media type of the decrypted (original)
object might be a type other than XML." (Maybe this doesn't belong in the
introduction, but I'm not sure of a better place?)
references [2] in the same way I have done. I haven't been able to
find any example of a "MIME type threat analysis".
Encrypted content may be unsafe content.
Can you point me to any other registration that uses similar text I can
borrow? (Instead of crafting green text myself). Until then, I've added a
section 6.5:
[[
6.5 Unsafe Content
XML Encryption can be used to obscure, via encryption, content that
applications (e.g., firewalls, virus detectors, etc.) consider unsafe
(e.g., executable code, viruses, etc.). Consequently, such applications
must consider encrypted content to be as unsafe as the unsafest content
transported in its application context. Consequently, such applications may
choose to (1) disallow such content, (2) require access to the decrypted
form for inspection, or (3) ensure that arbitrary content can be safely
handled by receiving applications.
]]
I think you might just put it inline:
Published specification:
This document. The application/xenc+xml media type
may be used with XML documents in which the EncryptedData
and EncryptedKey element types, in the XML Encryption
namespace, appear as the root element of the XML document.
There was text like this in the "magic number" section which is now further
augmented.