ACTION-543: Make proposals for the last two points noted in ISSUE-43 comments

From: Scott Cantor <cantor.2@osu.edu>
Date: Tue, 25 May 2010 12:04:00 -0400
To: <public-xmlsec@w3.org>
Message-ID: <06fe01cafc23$e3b18f80$ab14ae80$@osu.edu>

The two open issues with the schema dating back to 1.x are:

- use of mixed="true"

- the mis-typing of X509IssuerSerial as a number instead of a string

My suggestions for 2.0 are as follows (based on March WD):

Unless we have a use case for mixed content in any of the places the schema
currently specifies mixed="true" (just search for "mixed" in the WD), I
suggest we add the following text to the end of section 4 (Core Signature
Syntax):
-----
"Notwithstanding the presence of a mixed content model (via mixed="true"
declarations) in the definitions of various elements that follow, use of
mixed content in conjunction with any elements defined by this specification
is NOT RECOMMENDED.

When these elements are used in conjunction with "2.0 Mode" signatures,
mixed content MUST NOT be used."
-----

For the X509IssuerSerial issue, I suggest revising the text in section 4.5.4
about this issue (last paragraph) and replacing it with:
-----
Deployments that expect to make use of the X509IssuerSerial element should
be aware that many Certificate Authorities issue certificates with large,
random serial numbers. XML Schema validators may not support integer types
with decimal data exceeding 18 decimal digits [XML-schema]. Therefore such
deployments should avoid schema-validating the X509IssuerSerial element, or
make use of a local copy of the schema that adjusts the data type of the
X509SerialNumber child element from "integer" to "string".
-----

-- Scott
Received on Tuesday, 25 May 2010 16:04:35 GMT
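
The following is an added example, not part of the original message or of the W3C specification: a Python pre-check that flags the two conditions the proposal covers, mixed content in XML Signature elements and an X509SerialNumber longer than the 18 decimal digits a schema validator may be limited to. The function name `lint_keyinfo`, the finding codes and the sample document are assumptions made for illustration; the sample is constructed.

```python
import re
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
# Digit count beyond which, per the message, a schema validator may fail.
MAX_PORTABLE_DIGITS = 18

# Constructed sample: a 39-digit serial (2**127 - 1) and stray text in X509Data.
SAMPLE = f"""<ds:KeyInfo xmlns:ds="{DS}">
  <ds:X509Data>stray text
    <ds:X509IssuerSerial>
      <ds:X509IssuerName>CN=Example CA,O=Example,C=US</ds:X509IssuerName>
      <ds:X509SerialNumber>170141183460469231731687303715884105727</ds:X509SerialNumber>
    </ds:X509IssuerSerial>
  </ds:X509Data>
</ds:KeyInfo>"""


def lint_keyinfo(xml_text):
    """Return (findings, serials); findings are (code, detail) tuples."""
    root = ET.fromstring(xml_text)
    findings, serials = [], []
    for el in root.iter():
        if not el.tag.startswith("{" + DS + "}"):
            continue  # only elements in the XML Signature namespace
        local = el.tag.split("}", 1)[1]
        children = list(el)
        # Mixed content: non-whitespace character data beside child elements.
        texts = [el.text] + [c.tail for c in children]
        if children and any(t and t.strip() for t in texts):
            findings.append(("mixed-content", local))
        if local == "X509SerialNumber":
            raw = (el.text or "").strip()
            if not re.fullmatch(r"[+-]?[0-9]+", raw):
                findings.append(("serial-not-integer", raw))
                continue
            serials.append(int(raw))  # Python ints are arbitrary precision
            if len(raw.lstrip("+-").lstrip("0")) > MAX_PORTABLE_DIGITS:
                findings.append(("serial-exceeds-18-digits", raw))
    return findings, serials
```

Comparing serials as arbitrary-precision integers (or as canonical digit strings) avoids the truncation a fixed-width integer type would introduce when matching against a certificate.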