> >The problem is that if one application reads a UTF-8 document > and leaves it > >in UTF-8, then the output will be UTF-8, which implies one > digest value. If > >another tool reads the UTF-8 then converts to UTF-16 because of some > >limitation on their XPath expression engine, then the output > will be UTF-16 > >(unless they take the special effort of converting back to UTF-8 (???) to > >overcome the limitation of their toolset). So, a signature > created by the > >first product would not verify in the second product. > > I guess the only thing that makes sense here is to define > that the XPath serializer produce output in a single specific > encoding. I guess that would most probably be UTF-8. ... or simply add another transform afterwards which is doing XML canonicalization as recommended by the current XML-Signature draft to avoid such problems. Regards, Gregor --------------------------------------------------------------- Gregor Karlinger mailto://gregor.karlinger@iaik.at http://www.iaik.at Phone +43 316 873 5541 Institute for Applied Information Processing and Communications Austria ---------------------------------------------------------------Received on Wednesday, 22 March 2000 04:12:58 GMT
This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:09 GMT