W3C home > Mailing lists > Public > public-xmlsec@w3.org > January 2009

RE: proposed text on DTDs for Transform Simplification: Requirements and Design

From: Brad Hill <brad@isecpartners.com>
Date: Wed, 14 Jan 2009 15:03:57 -0800
To: "public-xmlsec@w3.org" <public-xmlsec@w3.org>
Message-ID: <7E3B942D6F9AE64EA28CE80B7283C1EC21065F4007@exch01.isecpartners.com>

Updated:

4.2.1  Processing of DTDs

It should also be noted in the context of proposed changes to the transform processing model that canonicalization/pre-hashing algorithms to be defined for XML Signature 2.0 will not imply DTD validation and entity expansion.  The choice and order of DTD resolution and entity expansion relative to signature creation and validation would thus fall to application workflow outside of core XMLDSIG.  

This change will introduce additional complexity for applications relying on entities, but entity expansion as a mandatory part of signature validation is incompatible with core requirements of XMLDSIG.  For example, DTD processing makes time and resource requirements for core validation non-deterministic, introduces difficult-to-control resource resolution requirements and requires tight coupling between validators and signed content consumers to ensure they have the same view of DTDs.
Received on Wednesday, 14 January 2009 23:04:45 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:57 GMT