W3C home > Mailing lists > Public > public-xml-id@w3.org > January 2005

Re: *Major* problem with xml:id in canonical XML

From: Daniel Veillard <veillard@redhat.com>
Date: Mon, 24 Jan 2005 12:48:32 -0500
To: Elliotte Harold <elharo@metalab.unc.edu>
Cc: public-xml-id@w3.org
Message-ID: <20050124174832.GL8569@redhat.com>

On Mon, Jan 24, 2005 at 11:51:37AM -0500, Elliotte Harold wrote:
> I think the canonical XML spec clearly intended that all attributes in 
> the XML namespace have scope over their descendants, but that's not 
> really true for xml:id.

  Arghh, this sounds like a bug in XML Canonicalization v 1.0, the
assumption on any future extensions of the XML namespace sounds way out
of scope to me. I would be surprized if they really expected that effect.

> This probably has downstream implications for XML digital signatures and 
> XML encryption, both of which depend on canonicalization.
> Exclusive XML canonicalization does not inherit xml: attributes, and so 
> does not have this problem.
> I am not sure what to suggest as a fix. It is still possible to 
> canonicalize a document that uses xml:id. However, the results could be 
> quite unexpected and perhaps dangerous.

  IMHO this should be raised as a bug in XML Canonicalization v 1.0

> I wish I had a good answer here. I don't. I do think this should be 
> discussed, and whatever resolution is reached needs to be called out in 
> the spec to warn people about this.

  Looking at libxml2 implementation of c14n it seems affected by this,
damn ...


Daniel Veillard      | Red Hat Desktop team http://redhat.com/
veillard@redhat.com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/
Received on Monday, 24 January 2005 17:48:34 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:53:49 UTC