W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 1999

RE: XML and canonicalization

From: Phillip M Hallam-Baker <pbaker@verisign.com>
Date: Wed, 27 Oct 1999 14:37:00 -0400
To: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>, <w3c-ietf-xmldsig@w3.org>
Message-ID: <001e01bf20aa$417b6c00$6e07a8c0@pbaker-pc.verisign.com>
> 	If it were practical to always carry along a particular
> surface representation, there would never have been any pressure to
> design DER (Distinguished Encoding Rules) which provides a unique
> external serialization of the true internal ASN.1 data.

Even Steve Kent can probably be made to agree that nobody knows of 
a system in which X.509 certificates are parsed into components and 
signatures stored separately and then rebuilt.

Most of the real world certificate applications in the world
generate DER encoding but accept BER encoding. In fact the number
of faulty DER encodings is such that if applications were to
depend on DER encodings they would break.


> >Instead of canonicalization, specify a syntax constraint. This might 
> >state for example that the signed octets presented were presented with
> >null space eliminated, tags fully epanded and attributes sorted into
> >alphabetical order.
> 
> Yes, you could canonicalize at "print" time rather than at signature
> and at verification time, throwing away the readability and
> flexibility of XML.  Of course, nothing that passes the result or
> verifies the signature could use SAX or DOM unless it was willing to
> re-canonicalize it (in which case it is unclear what you gained by
> canonicalizing at print time).  They would have to use proprietary
> home-brew processing.

I fail to discern any meaning in the above paragraph.

For the generator the only constraint imposed by the proposed syntax
constraint is that it would have to sign and deliver canonical form.

'print time'? 'proprietary'? I fail to see any connection to the
proposal.


> I haven't the faintest idea why, in such a contentious area, you think
> this issue was ever closed in this WG.  

When someone starts a post "I have been re-thinking this issue", that
implies to me that they want to re-open it. 

However since you then proceeded to make exactly the same argument
that you did the first time round it was not exactly 're-thinking'. 

If the issue is indeed 'contentious' then it looks a little odd if
the Working group chair starts staking out such a committed 
interpretation of it. I take it then that we are agreed that there
is not a consensus?

> I'm sorry that you don't like XML and wish it were a different animal
> than it is. 

Don, don't try to patronize me. I was using XML before it had a name.


		Phill
Received on Wednesday, 27 October 1999 14:35:42 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:08 GMT