RE: Poll on Exclusive Canonicalization

From: John Boyer <JBoyer@PureEdge.com>
Date: Wed, 20 Jun 2001 10:27:48 -0700
Message-ID: <7874BFCCD289A645B5CE3935769F0B521962B0@tigger.PureEdge.com>
To: "merlin" <merlin@baltimore.ie>, "Joseph M. Reagle Jr." <reagle@w3.org>
Cc: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>, "Donald Eastlake" <dee3@torque.pothole.com>, <lde008@dma.isg.mot.com>

Hi Merlin,

Don has already stated that the URIs for an exclusive c14n transform are
typos.  The table appearing a little above the section you read has the
correct URIs that distinguish c14n from exclusive c14n.  

John Boyer

-----Original Message-----
From: merlin [mailto:merlin@baltimore.ie]
Sent: Wednesday, June 20, 2001 10:18 AM
To: Joseph M. Reagle Jr.
Cc: IETF/W3C XML-DSig WG; Donald Eastlake; lde008@dma.isg.mot.com
Subject: Re: Poll on Exclusive Canonicalization 


Apologies for being post-deadline.

I have qualms about pushing XMLDSIG out the door without protocol
(exclusive c14n) because this will have a major impact on many dependent
standard efforts, and they may wind up with various uncomfortable

I also have significant qualms about delaying XMLDSIG because this will
have a major impact on many dependent standard efforts.

Iff we can define, implement and interop an exclusive c14n that
basic protocol needs (noninheritance of namespaces and xml:* attributes)
to the satisfaction of, for example, XKMS over SOAP, and this will not
significantly delay the standards processes, then I would vote for 2.

If there will be any significant process delays then I would vote for 1.

I do not claim a sufficient understanding of the relevant processes
to know whether a significant delay would occur. For reference, an
offhand implementation of an exclusive C14N took all of 15 minutes,
so I am not particularly concerned about implementation delays.

And, as a sidenote, I dislike the URIs &c14n;, &c14n;#WithComments,
&c14n;#XXX, &c14n;#XXX-WithComments. IMO, it is a nasty misuse of
the URI. I would advocate exclusivity being specified by including an
Exclusive (or whatever) child element which can contain any desired


>Members of the WG (and particularly implementors represented in the
>matrix), it's important that we know which direction you would like us
>take. So please respond, on the list, to the following poll by end of
>June 18th.
>With respect to the issue of excluding ancestor context from the
>form of a signature[1], the WG should pursue option:
>1. Specify the exclusive canonicalization as part of the non-normative
>required to implement) dsig-more specification [2].
>2. Specify the exclusive canonicalization as part of the normative
>xmldsig-core  as proposed in [3] (but with the URIs of [4]) as
>RECOMMENDED, OPTIONAL]. (This option requires interoperable
>of this feature before xmldsig advances.)
>Donald & Joseph
>[2] http://www.w3.org/2001/04/xmldsig-more
>[4] http://www.w3.org/2000/09/xmldsig#excC14N
>      http://www.w3.org/2000/09/xmldsig#excC14N-WithComments
>Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
>W3C Policy Analyst                mailto:reagle@w3.org
>IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
>W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
Received on Wednesday, 20 June 2001 13:28:28 UTC
