Re: Null Canonicalization Algorithm from Donald E. Eastlake 3rd on 1999-10-25 (w3c-ietf-xmldsig@w3.org from October to December 1999)

From: Donald E. Eastlake 3rd <dee3@torque.pothole.com>
Date: Sun, 24 Oct 1999 23:00:08 -0400
To: w3c-ietf-xmldsig@w3.org, dee3@torque.pothole.com
Message-Id: <199910250300.XAA02362@torque.pothole.com>

After some further thought, I've concluded that the Minimal
Canonicalization doesn't make much sense for XML either.  See separate
message.

Donald

From:  "Jim Schaad (Exchange)" <jimsch@EXCHANGE.MICROSOFT.com>
Resent-Date:  Wed, 20 Oct 1999 16:54:41 -0400 (EDT)
Resent-Message-Id:  <199910202054.QAA12620@www19.w3.org>
Message-ID:  <EAB5B8B61A04684198FF1D0C1B3ACD194A70A5@DINO>
To:  "'Solo, David'" <david.solo@citicorp.com>, w3c-ietf-xmldsig@w3.org
Date:  Wed, 20 Oct 1999 13:54:23 -0700

>Dave,
>
>I'm sorry, but the draft states that you are not going to use NULL for XML.
>>From the draft "This algorithm is appropriate for applications where the
>resource to be signed is not XML, or where the XML document will be exactly
>preserved".
>
>jim
>
>> -----Original Message-----
>> From: Solo, David [mailto:david.solo@citicorp.com]
>> Sent: Wednesday, October 20, 1999 5:26 AM
>> To: jimsch@EXCHANGE.MICROSOFT.com; w3c-ietf-xmldsig@w3.org
>> Subject: RE: Null Canonicalization Algorithm
>> 
>> 
>> At least at the moment, we still have two c14n algorithms, 
>> one for signedInfo 
>> and one for objects.  I agree with your statement as it 
>> applies to objects; but 
>> I'm not sure about it for SignedInfo.   In SignedInfo, the 
>> c14n alg is 
>> mandatory, so you'd need a NULL alg ID if you wanted to sign 
>> the data as 
>> transmitted.   I'd suggest leaving the alg ID there until we 
>> resolve the 
>> question about fixing the SignedInfo c14n alg.
>> 
>> Dave
>> 
>> > -----Original Message-----
>> > From: jimsch [mailto:jimsch@EXCHANGE.MICROSOFT.com]
>> > Sent: Tuesday, October 19, 1999 6:22 PM
>> > To: w3c-ietf-xmldsig
>> > Cc: jimsch
>> > Subject: Null Canonicalization Algorithm
>> > 
>> > 
>> > Given the text in section 4.3.3 about transformations only be 
>> > applied if
>> > they are listed, and the text in section 1.3.3 "If no 
>> Transformations
>> > element is present, the data pointed at by Location is 
>> > digested directly".
>> > I believe that we can remove the NULL canonicalization 
>> > algorithm from the
>> > document.  The algorithm basically states that you do no 
>> > changes on the
>> > input before hashing it.  This is the same thing as the text 
>> > in section
>> > 1.3.3 says.
>> > Note:  It might be wise to copy this comment to section 4.3.3 
>> > as well for
>> > people to easily see it during implemenation.
>> > Recommend:  Remove NULL Canonicalization algorithm from the 
>> > document in all
>> > locations.
>> > jim schaad

Received on Sunday, 24 October 1999 23:00:12 UTC