Re: xmldsig-core: Updated editor's draft

From: Thomas Roessler <tlr@w3.org>
Date: Thu, 24 May 2007 18:18:18 +0200
To: Sean Mullan <Sean.Mullan@Sun.COM>
Cc: public-xmlsec-maintwg@w3.org
Message-ID: <20070524161818.GI32379@raktajino.does-not-exist.org>

On 2007-05-23 17:33:45 -0400, Sean Mullan wrote:

> The Reference Processing Model (section 4.3.3.2) requires that signature
> applications use Canonical XML 1.0 [XML-C14N] when a transformation that
> would expect an octet-stream as input is applied to a node-set. 

"The Reference Processing Model (section 4.3.3.2) requires use of
Canonical XML 1.0 [XML-C14N] as default processing behavior when a
transformation is expecting an octet-stream, but the data object
resulting from URI dereferencing or from the previous transformation
in the list of Transform elements is a node-set."

(Folding in Juan Carlos' proposed change and word-smithing a bit
more.)

> We RECOMMEND that, when generating signatures, signature
> applications do not rely on this default behavior, but explicitly
> identify the transformation that is applied to perform this
> mapping. In cases in which inclusive canonicalization is desired,
> we RECOMMEND that Canonical XML 1.1 [XML-C14N11] be used.

Sounds good to me.

> Section 4.3.3.2 change:
> 
> Note: The Reference Generation Model (section 3.1.1) includes further
> restrictions on the reliance upon implicitly defined default
> transformations by signature generators.
> 
> To:
> 
> Note: The Reference Generation Model (section 3.1.1) includes further
> restrictions on the reliance upon implicitly defined default
> transformations by applications that generate signatures.

I'd suggest this:

"Note: The Reference Generation Model (section 3.1.1) includes
further restrictions on the reliance upon defined default
transformations when applications generate signatures."

(The default is defined quite explicitly, among other things.)

> Section 6.5 change:
> 
> This specification REQUIRES implementation of both Canonical XML 1.0
> [XML-C14N] and Canonical XML 1.1 [XML-C14N11]. We RECOMMEND that
> generators chose Canonical XML 1.1 [XML-C14N11] when inclusive
> canonicalization is desired.
> 
> To (also note typo s/chose/choose):
> 
> This specification REQUIRES implementation of both Canonical XML 1.0
> [XML-C14N] and Canonical XML 1.1 [XML-C14N11]. We RECOMMEND that
> applications that generate signatures choose Canonical XML 1.1
> [XML-C14N11] when inclusive canonicalization is desired.

Sounds good to me.

-- 
Thomas Roessler, W3C  <tlr@w3.org>
Received on Thursday, 24 May 2007 16:18:22 GMT
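
Added example, not part of the original message or of the specification: a Python check that lists the References in a signature whose processing would fall back on the default Canonical XML 1.0 conversion discussed above, instead of naming a canonicalization explicitly. The transform type table is a simplified assumption (WithComments variants omitted), and the sample signature is constructed and trimmed to the elements the check reads.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
C14N = {  # canonicalization algorithms: node-set in, octet stream out
    "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
    "http://www.w3.org/2006/12/xml-c14n11",
    "http://www.w3.org/2001/10/xml-exc-c14n#",
}
# Simplified (expected input, output) types for a few other transforms.
IO = {
    "http://www.w3.org/2000/09/xmldsig#enveloped-signature": ("nodes", "nodes"),
    "http://www.w3.org/TR/1999/REC-xpath-19991116": ("nodes", "nodes"),
    "http://www.w3.org/TR/1999/REC-xslt-19991116": ("octets", "octets"),
}

def implicit_c14n_references(signature_xml):
    """Return the URIs of References that depend on the default C14N 1.0 step."""
    flagged = []
    for ref in ET.fromstring(signature_xml).iter(DS + "Reference"):
        uri = ref.get("URI")
        if uri is None:
            continue  # application-defined data object, not modelled here
        # Same-document references yield a node-set, anything else octets.
        data = "nodes" if uri == "" or uri.startswith("#") else "octets"
        implicit = False
        for t in ref.iter(DS + "Transform"):
            alg = t.get("Algorithm", "")
            # Assumption: unknown transforms keep the current data type.
            want, out = ("nodes", "octets") if alg in C14N else IO.get(alg, (data, data))
            implicit |= data == "nodes" and want == "octets"
            data = out
        # The digest is computed over octets, so a trailing node-set is converted too.
        if implicit or data == "nodes":
            flagged.append(uri)
    return flagged

# Constructed sample: three same-document References, one with explicit C14N 1.1.
SAMPLE = """<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
 <Reference URI=""><Transforms>
  <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
 </Transforms></Reference>
 <Reference URI="#order"><Transforms>
  <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
  <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
 </Transforms></Reference>
 <Reference URI="#report"><Transforms>
  <Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"/>
 </Transforms></Reference></SignedInfo></Signature>"""
```

`implicit_c14n_references(SAMPLE)` reports the first and third References; when the input comes from an untrusted party, parse it with a hardened XML parser rather than the standard-library default.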
