Additional Canonical EXI comment

I have additional question/comments on the "Canonical EXI" FPWD specification, http://www.w3.org/TR/exi-c14n/

(1) How are the choice of EXI Options and Schema Options recorded with the canonical form - so for example, it can be archived and the signature verified at a later time? 

Perhaps this should be defined as part of the Canonical EXI specification, to make explicit the options that matter to canonicalization and how they are recorded with the canonical form.

If only known out of band this could severely limit the use cases for which signatures would be useful.

(2) In section 2.4 the following is not clear

"However, due to increased code footprint and processing complexity, Canonical EXI processors MUST support only EXI input streams that use the according datatype representation already. Be aware of this restriction when passing EXI streams to a recipient that is required to create the canonical EXI form."

Does it mean the following?

"Canonical EXI processors MUST be able to process input streams that only support String representations. The reason is to allow simpler and smaller implementations. This restriction is important when passing a stream to an implementation that creates a canonical EXI form."

(3) It might be helpful in section 3.2 to indicate how the recipient distinguishes the ds:Signature element (containing signature value and algorithm/hash information) from the EXI stream and thus excludes it from the calculation. 

Presumably this is done via the ds:Reference in the signature referring to the enclosing EXI document and thus acting as an enveloped signature, though a detached signature should also be possible.

(4) The section "Resolutions" might better be named "Assumptions"

4.1 typo, replace "The working group conducted " with "The working group concluded "

4.3 why is plain text XML an issue for EXI canonicalization (Canonical XML can be used for XML)

consider removing: "However, character model normalization may become an issue when working with plain-text XML."

(5) References

I think referencing Canonical XML 1.1 might be more appropriate than 1.0: http://www.w3.org/TR/2008/REC-xml-c14n11-20080502/

[[

Canonical XML Version 1.1 is a revision to Canonical XML Version 1.0 to address issues related to inheritance of attributes in the XML namespace when canonicalizing document subsets, including the requirement not to inherit xml:id, and to treat xml:base URI path processing properly.

]]


(6) Specification cover page

I was surprised not to see a link to an Editors draft nor to be able to find one from the EXI WG home page, I would expect such a link.

I hope these comments are helpful

regards, Frederick

Frederick Hirsch
Nokia

===

Earlier comment:

Not a technical comment, but I notice that the "Canonical EXI" specification should include references to XML Signature 1.1 and XML Encryption 1.1 when referenced in section 3.1

e,g, "EXI Canonicalization may be used as a canonicalization method algorithm in XML Signature [XMLDSIG-CORE1] and XML Encryption [XMLENC-CORE1]."

along with the corresponding references

http://www.w3.org/TR/2013/REC-xmldsig-core1-20130411/

http://www.w3.org/TR/2013/REC-xmlenc-core1-20130411/


====

Received on Tuesday, 1 October 2013 20:05:58 UTC