Re: AW: AW: AW: KeyName white space from merlin on 2001-05-15 (w3c-ietf-xmldsig@w3.org from April to June 2001)

From: merlin <merlin@baltimore.ie>
Date: Tue, 15 May 2001 15:58:51 +0100
To: "Gregor Karlinger" <gregor.karlinger@iaik.at>
Cc: "Tom Gindin" <tgindin@us.ibm.com>, w3c-ietf-xmldsig@w3.org
Message-Id: <20010515145852.5096444459@yog-sothoth.ie.baltimore.com>

Hi Gregor,

If you choose to write a document using a lossy encoding then
all nonrepresentable characters will be corrupt - dnames, key names,
signed data, attributes, etc. - I suspect that lost dnames
would be the least of your worries. Indeed, if it is reasonable
to use a lossy encoding, then it is probably reasonable to
assert that any dnames in the signature should be representable
in that encoding too.

The benefits of encoding dnames in unicode (human readability
of signed documents for all, rather than just the US-ASCII)
I think far outweigh the alternative.

Merlin

r/gregor.karlinger@iaik.at/2001.05.15/15:14:22
>Merlin,
>
>> There's another issue that seems relevant. RFC 2253 states
>> that strings must be converted to UTF-8 and then the escaping
>> rules must be applied. Do we honour this, or should we UTF-8
>> decode the RFC2253 string before embedding it in the text node.
>>
>> Essentially, should the final example in RFC 2253 be encoded
>> in XML as:
>>
>> UTF-8 encode and require ASCII escaping of high-bit-set chars:
>>   SN=3DLu\C4\8Di\C4\87
>>
>> UTF-8 encode and embed the result directly:
>>   SN=3DLu??i?? (where ? is a high-bit UTF-8 byte directly embedded)
>>   (Here the meaning is confusing because the UTF-8 encoded
>>    text will correspond to some other Unicode charactes, e.g. =C4)
>>
>> De-UTF-8 and embed the Unicode original:
>>   SN=3DLu?i? (where ? is the original character)
>>
>> The last seems like the best option to me.
>
>Doesn't this mean that you MUST use UTF-8 encoding for the XML
>document, i. e. that it is impossible to use ASCII or ISO_8859*
>since you insert a text node (the DN) which characters are Unicode?
>
>If so, should we really introduce such a restriction?
>
>Liebe Gruesse/Regards,
>---------------------------------------------------------------
>DI Gregor Karlinger
>mailto:gregor.karlinger@iaik.at
>http://www.iaik.at
>Phone +43 316 873 5541
>Institute for Applied Information Processing and Communications
>Austria
>---------------------------------------------------------------
>
>


-----------------------------------------------------------------------------
Baltimore Technologies plc will not be liable for direct,  special,  indirect 
or consequential  damages  arising  from  alteration of  the contents of this
message by a third party or as a result of any virus being passed on.

In addition, certain Marketing collateral may be added from time to time to
promote Baltimore Technologies products, services, Global e-Security or
appearance at trade shows and conferences.

This footnote confirms that this email message has been swept by
Baltimore MIMEsweeper for Content Security threats, including
computer viruses.
   http://www.baltimore.com

Received on Tuesday, 15 May 2001 10:59:43 UTC