W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > January to March 2000

RE: XSL WG comments on XML Signatures

From: Christopher R. Maden <crism@exemplary.net>
Date: Thu, 16 Mar 2000 15:31:19 -0800
Message-Id: <v01530501b4f71acbec39@[209.157.137.68]>
To: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>, <w3c-xsl-wg@w3.org>
[John Boyer]
>Suppose a signature in a UTF-16 document contains a URI to an XML document
>that is encoded in UTF-8.  The result of the URI dereference is a UTF-8
>document, whose tag names, attributes, etc. are incomparable to the
>conditions set forth in the XPath expression.  Unless you convert the XPath
>expression to the same encoding as the XML document, or convert the XML
>document to the same encoding as the expression, then you will not be able
>to evaluate the expression.

This is incorrect.  XML and its related specifications, including XPath,
operate in the character domain, not on bytes.  An XPath in a UTF-16
document can operate on an XML document stored as UTF-8 without any
difficulty, because the characters represented by the byte patterns are
comparable.  A digital signature obviously has to choose a standard
encoding (UTF-16, I assume) to sign, but this isn't an issue for XPath.

I'm seeing a pattern that concerns me, that possibly the XML signature
effort is focusing too closely on the bit pattern representing an XML
document rather than on the document itself.  I thought that the XML
Recommendation made it clear that they were not the same thing; the
distinction between logical and physical structures in the Rec seemed
pretty complete.

-Chris

--
Christopher R. Maden, Solutions Architect
Yomu (formerly Exemplary Technologies)
One Embarcadero Center, Ste. 2405
San Francisco, CA 94111
Received on Thursday, 16 March 2000 18:26:46 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:09 GMT