W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > January to March 2000

RE: XSL WG comments on XML Signatures

From: Christopher R. Maden <crism@exemplary.net>
Date: Thu, 16 Mar 2000 15:31:19 -0800
Message-Id: <v01530501b4f71acbec39@[]>
To: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>, <w3c-xsl-wg@w3.org>
[John Boyer]
>Suppose a signature in a UTF-16 document contains a URI to an XML document
>that is encoded in UTF-8.  The result of the URI dereference is a UTF-8
>document, whose tag names, attributes, etc. are incomparable to the
>conditions set forth in the XPath expression.  Unless you convert the XPath
>expression to the same encoding as the XML document, or convert the XML
>document to the same encoding as the expression, then you will not be able
>to evaluate the expression.

This is incorrect.  XML and its related specifications, including XPath,
operate in the character domain, not on bytes.  An XPath in a UTF-16
document can operate on an XML document stored as UTF-8 without any
difficulty, because the characters represented by the byte patterns are
comparable.  A digital signature obviously has to choose a standard
encoding (UTF-16, I assume) to sign, but this isn't an issue for XPath.

I'm seeing a pattern that concerns me, that possibly the XML signature
effort is focusing too closely on the bit pattern representing an XML
document rather than on the document itself.  I thought that the XML
Recommendation made it clear that they were not the same thing; the
distinction between logical and physical structures in the Rec seemed
pretty complete.


Christopher R. Maden, Solutions Architect
Yomu (formerly Exemplary Technologies)
One Embarcadero Center, Ste. 2405
San Francisco, CA 94111
Received on Thursday, 16 March 2000 18:26:46 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:33 UTC