W3C home > Mailing lists > Public > public-xmlsec@w3.org > May 2009

Proposed Signature 1.1 warning re serialization

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Sat, 16 May 2009 08:17:54 -0400
Message-Id: <E3DFE51D-4AD6-4C66-AF1D-CD30DC71616A@nokia.com>
To: XMLSec WG Public List <public-xmlsec@w3.org>
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>
I propose we add the following text to XML Signature 1.1 in section  
3.2.1 (Reference Validation) at the end of the section , as a second  
note:

Note - After a Signature element has been created in Signature  
Generation for a signature with a same document reference, an  
implementation can serialize the XML content with variations in that  
serialization. This means that Reference Validation needs to  
canonicalize the XML document before digesting in step 1 to avoid  
issues related to variations in serialization.

This should complete ACTION-289.

regards, Frederick

Frederick Hirsch
Nokia
Received on Saturday, 16 May 2009 12:18:37 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:58 GMT