W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > April to June 2001

RE: Poll on Exclusive Canonicalization

From: John Boyer <JBoyer@PureEdge.com>
Date: Mon, 18 Jun 2001 10:17:12 -0700
Message-ID: <7874BFCCD289A645B5CE3935769F0B520C33F1@tigger.PureEdge.com>
To: "Joseph M. Reagle Jr." <reagle@w3.org>, "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
Cc: "Donald Eastlake" <dee3@torque.pothole.com>, <lde008@dma.isg.mot.com>


Hi Joseph,

I'm sure that option 1 is not good, but unless the limitations imposed
by this problem are acceptable, then perhaps the WG may need to spend
more time generating and considering alternatives.  Here is the problem
with option 2 that originally made us not use it within c14n:

It is virtually impossible to assess whether a given namespace
declaration is being used within a given XML subtree.  While it is
possible to determine whether the start tags of an element and its
descendants utilize a namespace declaration, it is not possible to
determine the intent of attribute values and element character content.
To wit, within the dsig markup, an XML namespace declaration may be used
only within the character content of an <XPath> element.  Moreover, what
about generic <Object> elements, which could contain arbitrary XML?

==================================================================

Note that the algorithm identifiers for excluding c14n seem to be the
same in 6.5.2 as those for inclusive in 6.5.1.  This is probably just a
copy paste error.

So, namespaces used by XPath expressions in XPath elements would need to
be declared.  Doesn't seem like a big problem to me.  

Namespaces used by XML in Objects has to be declared.  Make this the
responsibility of the application that creates the Object.  Doesn't seem
like a big deal.

Use of exclusionary c14n outside of the limited context of signing
SignedInfo seems problematic from an implementers standpoint.  What is
the plan here?

Aside from these issues which need to be addressed, I find option 2
preferrable.

Thanks,
John Boyer
Senior Product Architect, Software Development
Internet Commerce System (ICS) Team
PureEdge Solutions Inc. 
Trusted Digital Relationships
v: 250-708-8047  f: 250-708-8010
1-888-517-2675   http://www.PureEdge.com <http://www.pureedge.com/>  	
 	
Received on Monday, 18 June 2001 13:17:43 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:13 GMT