W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 1999

RE: Canonicalization

From: Jim Schaad (Exchange) <jimsch@EXCHANGE.MICROSOFT.com>
Date: Sun, 24 Oct 1999 18:55:55 -0700
Message-ID: <EAB5B8B61A04684198FF1D0C1B3ACD194A70C0@DINO>
To: "'Ed Simon'" <ed.simon@entrust.com>, "'w3c-ietf-xmldsig@w3.org'" <w3c-ietf-xmldsig@w3.org>
Example 2 below is incorrect for the W3C Canonicalization draft.  It very
explictly states that the default name space is NEVER used.  Thus listing 2
is very wrong as it uses the default name space.  

If you think about it it makes sense as the canonicalization algorithm needs
to make sure that all three of the following produce the same output:

<digsig:Signature xmlns:digsig="http://www.w3.org/Signature/core-19991020">
  <digsig:SignedInfo>
  .....
  </digsig:SignedInfo>
</digsig:Signature>

<Signature xmlns="http://www.w3.org/Signature/core-19991020">
  <SignedInfo>
  ....
  </SignedInfo>
<Signature>

<a1:Signature xmlns:a1="http://www.w3.org/Signature/core-19991020">
  <a2:SignedInfo xmlns:a2="http://www.w3.org/Signature/core-19991020">
  ....
  </a2:SignedInfo>
</a1:Signature>

These are all "the same" in XML and thus need to produce the same hash
value.

jim

> -----Original Message-----
> From: Ed Simon [mailto:ed.simon@entrust.com]
> Sent: Sunday, October 24, 1999 3:48 PM
> To: 'w3c-ietf-xmldsig@w3.org'
> Subject: Re: Canonicalization
> 
> 
> As I understand the W3C XML Canonicalization draft, the
> canonicalized form of the <SignedInfo> element in this context
> 
> Listing 1:
> <Signature  xmlns="http://www.w3.org/Signature/core-19991020">
> 	<SignedInfo>
> 		<SignatureAlgorithm name="rsaWithSHA-1"/> 
> 		<ObjectReference>
> 			<Location HREF="http://www.w3.org"/>
> 			<Type>text/html; charset="us=ascii"</Type>
> 			<DigestAlgorithm name="sha-1"/>
> 			<DigestValue name="abc123def"/>
> 		</ObjectReference>
> 	</SignedInfo>
> 	<SignatureValue encoding="urn:base64">
> 		dd2323dd
> 	</SignatureValue>
> 	<KeyInfo>
> 		<KeyName>Solo</KeyName>
> 	</KeyInfo>
> </Signature>
> 
> would be
> 
> Listing 2:
> 	<SignedInfo>
> 		<SignatureAlgorithm name="rsaWithSHA-1"/> 
> 		<ObjectReference>
> 			<Location HREF="http://www.w3.org"/>
> 			<Type>text/html; charset="us=ascii"</Type>
> 			<DigestAlgorithm name="sha-1"/>
> 			<DigestValue name="abc123def"/>
> 		</ObjectReference>
> 	</SignedInfo>
> 
> which means no changes.  However, in typical apps, we might see
> 
> 
Received on Sunday, 24 October 1999 21:56:03 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:08 GMT