Is an encrypted element the weakest form of XML encryption? It could be, if the schema falls into the wrong hands. There are three ways to encrypt XML. Consider a sample schema that includes:
<xs:element name="Name"...>
<xs:element name="Address"...>
<xs:element name="CreditCard"...>
and a document that includes:
<name>
Joe Smith
</name>
<address>
1234 Jones Street
</address>
<creditcard>
123456789
</creditcard>
For confidentiality, you can:
1. Encrypt the whole document
<?xml version='1.0' ?>
<enc:EncryptedData xmlns:enc='http://www.w3.org/2001/04/xmlenc#'...>
<enc:CipherData>
<enc:CipherValue>ASDF9KFLK...</enc:CipherValue>
</enc:CipherData>
</enc:EncryptedData>
2. Encrypt the element (in this case credit card element and content)
<?xml version='1.0' ?>
<name>
Joe Smith
</name>
<address>
1234 Jones Street
</address>
<enc:EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element'...>
<enc:CipherData>
<enc:CipherValue>ASDF9KFLK...</enc:CipherValue>
</enc:CipherData>
</enc:EncryptedData>
3. Encrypt the content (in this case credit card number)
<?xml version='1.0' ?>
<name>
Joe Smith
</name>
<address>
1234 Jones Street
</address>
<creditcard>
<enc:EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Content'...>
<enc:CipherData>
<enc:CipherValue>ASDF9KFLK...</enc:CipherValue>
</enc:CipherData>
</enc:EncryptedData>
</creditcard>
The problem with encrypting the element (and, possibly to a lesser extent, the document) is that an attacker who has access to the schema gets a relatively large amount of known plaintext to work with when trying to figure out the key. The schema tells you what to expect in the plaintext: the element tags <creditcard></creditcard>. There can be many cases where the tags are larger than the content they bracket, which is the part you are trying to protect: <creditcard>16digitccnumber</creditcard> would be 25 characters of known plaintext and 16 digits to guess.
Some solutions include:
Solution 1: Longer keys
Keith Brown points out that we need to use a key long enough to make a known-plaintext attack infeasible for as long as the data must be kept secret. He points to Ferguson & Schneier in Practical Cryptography: "always use crypto keys and primitives which give you the level of security you need. 256-bit symmetric keys for a 128-bit level of security."
Solution 2: Add Salt
Pump up the randomness.
Solution 3: Encrypt the content instead, as in the encrypted-content example (option 3) above
Do you care if anyone knows that the tag is <creditcard></creditcard> if the value is encrypted?
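The known-plaintext comparison from the discussion above and from Solution 3, as an added example that is not part of the original post: it counts how many plaintext bytes the schema gives away under element versus content encryption, and where those bytes fall in the cipher blocks. The 16-byte block size, the <order> wrapper, the sample card number and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

BLOCK = 16  # assumed block size in bytes (AES); the page does not name a cipher

# Constructed sample document; the card number is a made-up test value.
SAMPLE = ("<order><name>Joe Smith</name>"
          "<creditcard>4111111111111111</creditcard></order>")

def plaintext_map(doc, tag, mode):
    """Return (plaintext, known) for one target element.

    known[i] is True when byte i of the plaintext can be predicted from
    the schema alone (it is markup rather than the protected value).
    Assumes the element has text content only and no attributes.
    """
    elem = ET.fromstring(doc).find(tag)
    if elem is None:
        raise ValueError(f"no <{tag}> element in document")
    value = (elem.text or "").encode("utf-8")
    if mode == "Content":            # Type=...xmlenc#Content
        return value, [False] * len(value)
    if mode == "Element":            # Type=...xmlenc#Element
        start, end = f"<{tag}>".encode(), f"</{tag}>".encode()
        known = [True] * len(start) + [False] * len(value) + [True] * len(end)
        return start + value + end, known
    raise ValueError(f"unknown mode: {mode}")

def exposure(doc, tag, mode):
    """Summarise schema-predictable bytes overall and per cipher block."""
    data, known = plaintext_map(doc, tag, mode)
    blocks = [known[i:i + BLOCK] for i in range(0, len(known), BLOCK)]
    return {
        "total": len(data),
        "known": sum(known),
        "known_per_block": [sum(b) for b in blocks],
        "fully_known_blocks": sum(len(b) == BLOCK and all(b) for b in blocks),
    }

if __name__ == "__main__":
    for mode in ("Element", "Content"):
        print(mode, exposure(SAMPLE, "creditcard", mode))
```

A longer element name shifts the layout: with a 16-character tag name the first cipher block of an encrypted element is markup only, while content encryption still exposes no markup at all.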