W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > April to June 1999

RE: Namespace treatment for C14N

From: Richard D. Brown <rdbrown@GlobeSet.com>
Date: Thu, 10 Jun 1999 14:09:16 -0500
To: "'Joseph M. Reagle Jr.'" <reagle@w3.org>, <dee3@us.ibm.com>
Cc: <w3c-ietf-xmldsig@w3.org>
Message-ID: <000b01beb374$bd450d30$0bc0010a@artemis.globeset.com>
Joseph,

You cannot use the URI String directly. The URI string might not respect the
Name construct that is mandated by the XML-namespace specification (see
Qname). Therefore, if you use the URI String, the canonical representation
would not be valid XML.

On the other hand, the proposal made by Don and Hiroshi does abide by the
'fixed point property' and leads to valid XML.

BEFORE CANONICALIZATION

<dsig:element xmlns:dsig='http://w3c-xmldsig'>

CANONICAL REPRESENTATION assuming 0125FC23D.. := MD5(http://w3c-xmldsig)

<_0125FC23D..:element xmlns:_0125FC23D..='http://w3c-xmldsig'>

SECOND CANONICALIZATION same assumption

<_0125FC23D..:element xmlns:_0125FC23D..='http://w3c-xmldsig'>

Notice that the canonical representation is valid XML and abides by the
'fixed point property.'

Sincerely,

Richard D. Brown
Software Architect - R&D
GlobeSet, Inc. Austin, TX - U.S.




> -----Original Message-----
> From: w3c-ietf-xmldsig-request@w3.org
> [mailto:w3c-ietf-xmldsig-request@w3.org]On Behalf Of Joseph M. Reagle
> Jr.
> Sent: Tuesday, June 08, 1999 1:35 PM
> To: dee3@us.ibm.com
> Cc: w3c-ietf-xmldsig@w3.org
> Subject: Re: Namespace treatment for C14N
>
>
> At 12:14 PM 6/8/99 -0400, dee3@us.ibm.com wrote:
>  >It's the hash of the URI, not the hash of what the URI points to.
>
> That's how I first read it and thought, "that doesn't abide
> by the 'fixed
> point property.' " But I thought, why bother? So I reread the
> following
> "expanded"
>
>  > >2. Hex coding of MD5 of the Expanded URI is used as the
> new prefix.
>
> to read fetch the resource for security; which still didn't
> abide by the
> fixed point property.
>
> A hash of a hash will still be a different hash regardless if
> the first was
> generated from the URI string or it's resource.
>
> So:
> 1. Why bother with a hash of the URI string? Why not use the URI?
> 2. Is it worth losing "fixed point" because of it?
>
> _________________________________________________________
> Joseph Reagle Jr.
> Policy Analyst      mailto:reagle@w3.org
> XML-DSig Co-Chair   http://w3.org/People/Reagle/
>
Received on Thursday, 10 June 1999 15:11:33 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:06 GMT