W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > January to March 2000

RE: XSL WG comments on XML Signatures

From: Gregor Karlinger <gregor.karlinger@iaik.at>
Date: Wed, 22 Mar 2000 10:11:04 +0100
To: "Martin J. Duerst" <duerst@w3.org>, "John Boyer" <jboyer@PureEdge.com>
Cc: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>, <w3c-xsl-wg@w3.org>
Message-ID: <NDBBIMACDKCOPBLEJCCDAEAKCEAA.gregor.karlinger@iaik.at>
> >The problem is that if one application reads a UTF-8 document
> and leaves it
> >in UTF-8, then the output will be UTF-8, which implies one
> digest value.  If
> >another tool reads the UTF-8 then converts to UTF-16 because of some
> >limitation on their XPath expression engine, then the output
> will be UTF-16
> >(unless they take the special effort of converting back to UTF-8 (???) to
> >overcome the limitation of their toolset).  So, a signature
> created by the
> >first product would not verify in the second product.
>
> I guess the only thing that makes sense here is to define
> that the XPath serializer produce output in a single specific
> encoding. I guess that would most probably be UTF-8.

... or simply add another transform afterwards which is doing
XML canonicalization as recommended by the current XML-Signature
draft to avoid such problems.

Regards, Gregor
---------------------------------------------------------------
Gregor Karlinger
mailto://gregor.karlinger@iaik.at
http://www.iaik.at
Phone +43 316 873 5541
Institute for Applied Information Processing and Communications
Austria
---------------------------------------------------------------
Received on Wednesday, 22 March 2000 04:12:58 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:09 GMT