W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 1999

Parser-less verifiers

From: Ed Simon <ed.simon@entrust.com>
Date: Wed, 27 Oct 1999 16:24:37 -0400
Message-ID: <01E1D01C12D7D211AFC70090273D20B101C4A8DC@sothmxs06.entrust.com>
To: IETF/W3C XML-DSig WG <w3c-ietf-xmldsig@w3.org>
Phillip wrote

	What people are objecting to is the unnecessary canonicalization
	code you are requiring the verifier of the signature to write.
	Not all verifiers will include a DOM parser. A large number
	of verifiers will not even have access to the schema.

I can understand that signing implementations will not need to do
XML parsing because they just have to write XML, not read it.
However, it seems to me a verifier would want at least a basic
XML parser to properly process an XML Signature.
Phillip, could you elaborate a little more how
you see an XML-parser-less verifier extracting the information it needs
from an XML signature in order to verify that signature?
eg. Would it use pattern matching rather than full-blown
XML parsing?

Thanks, Ed
Received on Wednesday, 27 October 1999 16:29:03 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:08 GMT