Re: Canonical XML error

From: <Frederick.Hirsch@nokia.com>
Date: Wed, 7 Sep 2011 15:06:55 +0000
To: <cantor.2@osu.edu>
CC: <Frederick.Hirsch@nokia.com>, <steve.derose@openamplify.com>, <jboyer@PureEdge.com>, <w3c-ietf-xmldsig@w3.org>, <public-xmlsec@w3.org>, <cmsmcq@blackmesatech.com>, <ht@cogsci.ed.ac.uk>, <chris@w3.org>
Message-ID: <0D3622D1-841E-4B0A-8693-58AA03048D3B@nokia.com>

Thanks, Scott, for the clarification.

Apologies, Steve, if I misread the question.

The original Canonical XML requirements stated that the result of Canonical XML should be well-formed (section 3, number 2):

http://www.w3.org/TR/1999/NOTE-xml-canonical-req-19990605

The XML Security 1.1 requirements discuss the changes needed but did not change this requirement:

http://www.w3.org/2008/xmlsec/Drafts/xmlsec-reqs/Overview.html

XML Security 2.0 modified this requirement, explicitly stating that "Canonical output need not be valid XML" (section 3.3.2.2)

http://www.w3.org/2008/xmlsec/Drafts/xmlsec-reqs2/Overview.html#modified-requirements

We'll have to look at this more carefully.

regards, Frederick

Frederick Hirsch
Nokia



On Sep 7, 2011, at 10:57 AM, ext Cantor, Scott wrote:

> On 9/7/11 10:51 AM, "Frederick.Hirsch@nokia.com"
> <Frederick.Hirsch@nokia.com> wrote:
>> 
>> It is the job of an XML document author to produce well-formed XML
>> before any considerations of signing/encryption and XML Canonicalization.
>> Any required escaping happens before security processing, and there are a
>> variety of choices that can be made for such escaping, as well as other
>> representation of information. Canonical XML is agnostic to these choices.
> 
> I think his point is that in the process of following the spec, c14n
> replaces those character references with the actual characters. So I think
> the result of that is non-well-formed. I can't recall if it's an explicit
> guarantee of c14n that the output be well-formed. I suspect it was a goal,
> but not a guarantee. If so, it's not a bug, but perhaps something to
> address in 2.0.
> 
> -- Scott
> 
Received on Wednesday, 7 September 2011 15:09:43 GMT
