Signature WG Comments to XML WG from Joseph M. Reagle Jr. on 2000-02-11 (w3c-ietf-xmldsig@w3.org from January to March 2000)

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Fri, 11 Feb 2000 13:34:25 -0500
To: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
Message-Id: <3.0.5.32.20000211133425.009aba10@localhost>

I expect we should send the comments next week. This is the formal
anouncement that this will be the position that is represented as a
consensus position of the WG.

http://www.w3.org/Signature/2000/02/CanonicalXML-comments.html

Canonical XML-comments

   Author(s):
          Ed Simon, Entrust <ed.simon@entrust.com>

   The [3]XML Signature WG has reviewed the [4]19 January 2000 draft of
   Canonical XML. Though we have some non-mandatory concerns about 
   normalizing character encodings, we feel the draft meets our requirements 
   for doing "XML aware canonicalization." (We will also specify a minimal 
   canonicalization that treats the content as text only.)

   For the record, this note includes a summary of our discussions
   regarding two topics related to Canonical XML. The first topic
   is the character encoding one just mentioned; the second deals
   with the treatment of XML Fragments returned by XPath.
          
   Normalization of character encoding ([6]section 5.1 of
   Canonical XML issued 19 Jan 2000):
          The XML Signature WG sees no signature or security implications
          with respect to the normalization of character representation.
          However, as a community of XML application developers we are
          concerned that requiring implementors to do such normalization
          may be introducing more complexity than is reasonable for the
          stated benefit. No Working Group member has advocated the
          character normalization as specified and a few members have
          expressed concern about its requirements on limited processors.

   Canonicalization of XML Fragments:
          The XML Signature WG discussed whether our requirement to
          serialize and canonicalize the string-value results of XPath
          should be met by Canonical XML. ((Such that the string-value
          was a well-balanced element (as defined by [7]XML Fragment
          Interchange) that could be canonicalized). We determined that
          if even if the serialization and canonicalization of Xpath
          result is an issue for the XML Signature WG, it needs to be
          resolved by the XML Signature WG and is not an issue for the
          Canonical XML WG. In particular, the XML Signature WG will take
          responsibility for describing how to canonicalize a
          well-balanced element.

   In summary, we thank the Canonical XML WG for their efforts and look
   forward to further implementation experience and reports -- both from
   our own community and others.
     

_________________________________________________________
Joseph Reagle Jr.   
Policy Analyst           mailto:reagle@w3.org
XML-Signature Co-Chair   http://www.w3.org/People/Reagle/

Received on Friday, 11 February 2000 13:34:28 UTC