W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > January to March 2000

Re: Comments on last call draft

From: TAMURA Kent <kent@trl.ibm.co.jp>
Date: Tue, 14 Mar 2000 15:12:31 +0900
Message-Id: <200003140612.PAA13942@ns.trl.ibm.com>
To: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>

> <John>
> It does not matter what the byte order mark was when your Java processor
> read the document.  What matters is the byte order used by the internal
> character representation.  When you use your Java processor to read a
> document containing an XML signature, you will eventually call some function
> to get the XPath transform expression string for evaluation.  What format is
> it in?  You must know this or you won't be able to do anything with the
> expression.  Since you DO know the format (byte order and encoding), all I'm
> requiring is that you actually send this information to the XPath transform
> expression evaluator.
> </John>

java.lang.String instances in Java is always encoded as UTF-16
(its byte order is fixed in a JVM).  So applications need not to
know string's encoding and byte order.  Probably in other
platforms, characters from XML documents are encoded as one
encoding.


Kent> I think no one implements exact order.  I may request for
Kent> Xalan/LotusXSL team to make output of XPath lex-order.
> <John>
> Counterexample: the Clark parser hands off the attributes in exact order.

Ok, I withdraw my opinion, "no one implements ...".


> Exact order processing was requested by those with low-capacity devices who
> wanted to minimize processing of the XML received. If special care is taken
> in the application design, then an XML processor would not even be needed
> (or something small like Clark's parser could be used).  Further, an XPath
> expression evaluator would not be needed if special care is taken in the
> application design.  Nonetheless, the signatures of this application would
> still be expressed according to the 'standard' and would therefore be
> verifiable by a fully standards compliant, generic program.

XML tools have to process XML documents according to XML
Information Set even in low-capacity environment.  Many XML
tools assume they may change attributes order.  If the XML
Signature, which is an open standard, standardized exact order
even optionally, it would tear down interoperability of XML.

If you do not agree with me, discuss with XML Core WG.

I think it is better to use the PKCS7 'standard' in such
low-capacity environment.


> If your implementation can't support exact order, the two questions I have
> are 1) why can't you just throw an exception, and 2) if you'd prefer not to
> do that, then how hard is it really to make it work?

This is a problem not about our implementation, but about
interoperability of XML.

-- 
TAMURA Kent @ Tokyo Research Laboratory, IBM
Received on Tuesday, 14 March 2000 01:13:12 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:09 GMT