W3C home > Mailing lists > Public > public-xmlsec-maintwg@w3.org > December 2007

Re: defCan-1

From: Thomas Roessler <tlr@w3.org>
Date: Sat, 8 Dec 2007 09:00:19 +0100
To: Bruce Rich <brich@us.ibm.com>
Cc: xmldsigtechnical <public-xmlsec-maintwg@w3.org>
Message-ID: <20071208080019.GC286@iCoaster.does-not-exist.org>

On 2007-12-07 15:02:22 -0600, Bruce Rich wrote:

> Check that implementations and APIs of [XMLDSIG] honor the recommendation 
> to use [XML-C14N1.1] in section 3.1.1 "Reference Generation" of [XMLDSIG] 

> Where is this recommendation made?  It's not in section 3.1.1 of xmldsig. 

   The Reference Processing Model (section 4.3.3.2) requires use of
   Canonical XML 1.0 [XML-C14N] as default processing behavior when
   a transformation is expecting an octet-stream, but the data
   object resulting from URI dereferencing or from the previous
   transformation in the list of Transform elements is a node-set.
   We RECOMMEND that, when generating signatures, signature
   applications do not rely on this default behavior, but explicitly
   identify the transformation that is applied to perform this
   mapping. In cases in which inclusive canonicalization is desired,
   we RECOMMEND that Canonical XML 1.1 [XML-C14N11] be used.

    -- http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#sec-CoreGeneration

Regards,
-- 
Thomas Roessler, W3C  <tlr@w3.org>
Received on Saturday, 8 December 2007 08:00:38 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:22:03 GMT