RE: Minimal Canonicalization from Martin, Cynthia E. on 2009-05-18 (public-xmlsec@w3.org from May 2009)

From: Martin, Cynthia E. <cemartin@mitre.org>
Date: Mon, 18 May 2009 17:06:55 -0400
To: Pratik Datta <pratik.datta@oracle.com>, XMLSec WG Public List <public-xmlsec@w3.org>
CC: "Martin, Cynthia E." <cemartin@mitre.org>
Message-ID: <6A913BB6ED2E2C43AC275462A83E68490BFAEED6F2@IMCMBX3.MITRE.ORG>

Sorry about that- I wasn't clear.  I wanted to know if your proposal for canonicalization transform simplification would fit into this category.

Regards, Cynthia

-----Original Message-----
From: Pratik Datta [mailto:pratik.datta@oracle.com] 
Sent: Monday, May 18, 2009 12:31 PM
To: XMLSec WG Public List
Cc: Martin, Cynthia E.
Subject: Fwd: Minimal Canonicalization

Forwarding Cynthia's email to the group.

Cynthia, I don't think I understood your email. What do you mean by 
"your idea of limiting these" ? Which idea are you talking about?

As discussed in the F2F, I will be writing up a draft spec of C14n v2.0, 
and XML signature v2.0. The C14N algorithm will be "parameterized" - 
e.g. it will have parameters for trimWhitespace, sortAttributes, 
rewritePrefixes etc. Passing in false for all these parameters will 
result in a minimal canonicalization, whereas passing in true will 
result in a very robust canonicalization that can survive shredding and 
reconstruction.  I am also thinking of assigning names to sets of 
parameter values, i.e.we could define the name 
"minimialCanononicalization" to be   trimWhitespace=false, 
sortAttribute=false, ....

Pratik

Martin, Cynthia E. wrote:
> Good Morning,
>
> I am a new member of the working group and I was just reviewing RFC 4051 during the call on 5/12.  The RFC says the following:
>
> http://www.ietf.org/rfc/rfc4051.txt?number=4051
>
> 2.4.  Minimal Canonicalization
>
>    Thus far two independent interoperable implementations of Minimal
>    Canonicalization have not been announced.  Therefore, when XML
>    Digital Signature was advanced from Proposed Standard [RFC3075] to
>    Draft Standard [RFC3275], Minimal Canonicalization was dropped from
>    the standards track documents.  However, there is still interest in
>    Minimal Canonicalization, indicating its possible future use.  For
>    its definition, see [RFC3075], Section 6.5.1.
>
> Could your idea of limiting these update this RFC?  Just wondering.
>
> Regards, Cynthia
>
>

Received on Monday, 18 May 2009 21:07:35 UTC