
RE: question on latest spec

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Thu, 16 Nov 2000 12:15:11 -0500
Message-Id: <4.3.2.7.2.20001116120636.02ab63f8@rpcp.mit.edu>
To: Kevin Regan <kevinr@valicert.com>
Cc: w3c-ietf-xmldsig@w3.org, "John Boyer" <jboyer@PureEdge.com>, TAMURA Kent <kent@trl.ibm.co.jp>, Petteri Stenius <Petteri.Stenius@done360.com>, merlin <merlin@baltimore.ie>, Gregor Karlinger <gregor.karlinger@iaik.at>
At 14:10 11/15/2000 -0800, Kevin Regan wrote:
>...
>Interoperability with non-validating processors might be a noble cause,
>but it may cause many more problems for those (the majority?) using
>validating processors.  I predict a large number of problems down the
>road for many applications...

Hi Kevin,

To change this decision (and the momentum) in the present specification you 
need to:
1. Forge a new consensus that it needs to be changed.
2. Show the existing consensus/position should be reconsidered given new 
evidence.

If you can get a bunch of folks (particularly the implementors) to advocate 
this change, we'll re-open the issue. Or if it's clear that white spaces are 
being mangled in transport or that everyone is using validating parsers 
anyway we can also re-open the issue.

However, momentum seems to be carrying the day and we don't have any 
specific evidence (I don't think) to counter our previous expectations on 
white space and validating parsers.

>It seems that most folks will not be getting the expected results
>with signatures.  Any transport that modifies insignificant white space
>will break the signature.  I would assume that in most protocols that
>send XML documents, insignificant white space is removed for efficiency
>reasons.  In addition, whenever a document is displayed (such as in IE),
>the spacing is changed (in fact, the spacing of the examples at the end
>of the XML C14N spec are probably spaced according to the displaying
>application).  Finally, the size of a document can not be minimized when
>being stored because the signature would break.
>
>
>
>--Kevin
>
>-----Original Message-----
>From: John Boyer [mailto:jboyer@PureEdge.com]
>Sent: Wednesday, November 15, 2000 2:06 PM
>To: Kevin Regan
>Cc: w3c-ietf-xmldsig@w3.org
>Subject: RE: question on latest spec
>
>
>Hi Kevin,
>
>The reason is signature interoperability with non-validating processors.
>
>I empathize, though :)
>
>Thanks,
>John Boyer
>
>
>-----Original Message-----
>From: Kevin Regan [mailto:kevinr@valicert.com]
>Sent: Wednesday, November 15, 2000 1:50 PM
>To: John Boyer
>Cc: w3c-ietf-xmldsig@w3.org
>Subject: RE: question on latest spec
>
>
>
>What is the reason for doing this?  Isn't the exclusion of insignificant
>white space one of the key forms of equivalence?  XML documents can be
>displayed and handled in many different ways, with white space being
>added
>or removed from element content at various steps.  In general, this is
>not a problem if a DTD is being used.  The meaning of the document
>is clear.  However, this form of equivalence is eliminated in the XML
>C14N
>specification.  Why?
>
>Sincerely,
>Kevin Regan
>
>
>-----Original Message-----
>From: John Boyer [mailto:jboyer@PureEdge.com]
>Sent: Wednesday, November 15, 2000 1:12 PM
>To: Kevin Regan; w3c-ietf-xmldsig@w3.org
>Cc: Joseph Reagle
>Subject: RE: question on latest spec
>
>
>Hi Kevin,
>
>Actually, Section 2.10 of the XML spec makes it quite clear that all XML
>processors must be capable of providing to the application ALL
>whitespace
>within the document element.  Validating processors must further be
>capable
>of telling the application whether a given whitespace character appeared
>in
>element content, i.e. was insignificant.
>
>Many implementers of validating processors allow the application
>developer
>to configure whether the whitespace should simply be discarded.
>
>The statement you've come across in Section 2.1 is telling you how to
>configure your validating parser.  You MUST set it so that all
>whitespace is
>reported to the canonicalizer.
>
>NOTE: I don't see any harm in throwing out insignificant whitespace
>*before*
>the document is signed.  In other words, the original document accessed
>by
>the user from the web may have insignificant whitespace that your
>application strips out before even presenting the information content to
>the
>end-user.  Once the end user affixes a signature, though, any
>insignificant
>whitespace that gets added to the signed document will break the
>signature.
>
>John Boyer
>Development Team Leader,
>Distributed Processing and XML
>PureEdge Solutions Inc.
>Creating Binding E-Commerce
>v: 250-479-8334, ext. 143  f: 250-479-3772
>1-888-517-2675   http://www.PureEdge.com <http://www.pureedge.com/>
>
>
>
>-----Original Message-----
>From: w3c-ietf-xmldsig-request@w3.org
>[mailto:w3c-ietf-xmldsig-request@w3.org]On Behalf Of Kevin Regan
>Sent: Sunday, November 12, 2000 6:20 PM
>To: w3c-ietf-xmldsig@w3.org
>Subject: question on latest spec
>
>
>
>I've been away on other activities for a while, and have just recently
>gotten back to
>the XML C14N specification.  I came across the following in section 2.1:
>
>"All whitespace within the root document element MUST be preserved
>(except for any #xD characters deleted by line delimiter normalization).
>This includes all whitespace in external entities. Whitespace outside of
>the root document element MUST be discarded."
>
>I'm assuming that this means white space that is presented after the
>document is processed
>by the XML processor.  When a validating XML processor reads in a
>document against a DTD,
>insignificant white space is removed.  This is not the white space that
>the specification is
>referring to, is it?
>
>Sincerely,
>Kevin Regan


__
Joseph Reagle Jr.
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/People/Reagle/
Received on Thursday, 16 November 2000 14:27:17 GMT
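
The whitespace rule quoted from section 2.1 in the thread above, as an added example that is not part of the original messages: it canonicalizes constructed sample documents and compares digests. Assumptions: Python's xml.etree.ElementTree.canonicalize (a C14N 2.0 implementation whose default mode preserves whitespace inside the root, as the quoted text requires) stands in for the canonicalizer under discussion, and SHA-256 stands in for the signature's digest method.

```python
import hashlib
from xml.etree.ElementTree import canonicalize

# Constructed sample documents (not taken from the thread).
COMPACT = "<Order><Item>widget</Item><Qty>2</Qty></Order>"
# Same elements re-indented: whitespace added in element content, inside the root.
INDENTED = "<Order>\n  <Item>widget</Item>\n  <Qty>2</Qty>\n</Order>"
# INDENTED with CRLF line endings: the #xD characters are removed by the
# parser's line delimiter normalization before canonicalization sees them.
INDENTED_CRLF = INDENTED.replace("\n", "\r\n")
# COMPACT with an XML declaration and whitespace outside the root element.
PADDED = '<?xml version="1.0"?>\n\n' + COMPACT + "\n\n"


def c14n_digest(xml_text):
    """Hex SHA-256 of the canonical form, i.e. what a signature would cover."""
    canonical = canonicalize(xml_text)  # default options: text is not stripped
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def digest_matches(signed_xml, received_xml):
    """True if the received document still verifies against the signed one."""
    return c14n_digest(signed_xml) == c14n_digest(received_xml)


def whitespace_report():
    """Compare each variant with the document it was derived from."""
    return {
        "indented vs compact (inside root)": digest_matches(COMPACT, INDENTED),
        "padded vs compact (outside root)": digest_matches(COMPACT, PADDED),
        "CRLF vs LF (line delimiters)": digest_matches(INDENTED, INDENTED_CRLF),
    }


if __name__ == "__main__":
    for case, ok in whitespace_report().items():
        print(f"{case}: {'digest unchanged' if ok else 'digest CHANGED'}")
```

A verifier that sees a digest mismatch on a document whose elements and text are otherwise identical should suspect an intermediary that re-indented or compacted the XML after signing.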
