Re: XML tag encryption?

[Darren Reed <darrenr () reed wattle id au>]

In some email I received from Roger Marquis, sie wrote:
> There's an article in the May 27 Computerword entitled "XML's Dirty
> Secret".  It's labeled a Technical Analysis but written more like
> an advertisement for the Forum Sentry Server Appliance (www.forumsys.com).
> This is a Linux-based network device that apparently encrypts and
> decrypts XML tags (not the data, just the tags).
>
> It's an interesting application but one that wouldn't seem to offer
> any substantive benefit over other types of encryption (VPN, file,
> content, ...).  The xml-dev list is divided on the issue
> <http://lists.xml.org/archives/xml-dev/200205/msg01412.html>.
>
> Is this another dot-com bomb or might XML be a potential security
> product niche?

I can think of why you might want to do this.

It allows you to exchange data with something else through another
something that analyses the network traffic created as a result of
the exchange without giving away the true meaning of the data.

If I give you a spreadsheet of figures in XML, what any of those
figures mean is lost if you scramble the column names and other
random text tags, right ?

One example I can think of is if you wanted to scan XML content for
viruses/worms without a complete compromise of the data, this might
allow for that.

Darren
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards