RE: Section 4.3.3.2 from John Boyer on 2001-07-27 (w3c-ietf-xmldsig@w3.org from July to September 2001)

From: John Boyer <JBoyer@PureEdge.com>
Date: Fri, 27 Jul 2001 14:36:19 -0700
To: "Joseph M. Reagle Jr." <reagle@w3.org>, "Dournaee, Blake" <bdournaee@rsasecurity.com>
Cc: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>, <w3c-ietf-xmldsig@w3.org>, "Shi, Angela" <ashi@rsasecurity.com>
Message-ID: <7874BFCCD289A645B5CE3935769F0B520C3438@tigger.PureEdge.com>

Hi Joseph and Blake,

If C14N is called with a node-set, then it processes the node-set.  Only
if it is called with an octet stream does it behave as if running an
XPath that eliminates comments.  Therefore to retain the default
behavior of stripping comments, we defined the processing model for
References as stripping the comments out.

As to why comment stripping is the default and required c14n, the WG
decided that comment stripping represented the lowest common denominator
XML processor, which is not strictly required to provide comments to the
calling application.

John Boyer
Senior Product Architect, Software Development
Internet Commerce System (ICS) Team
PureEdge Solutions Inc. 
Trusted Digital Relationships
v: 250-708-8047  f: 250-708-8010
1-888-517-2675   http://www.PureEdge.com <http://www.pureedge.com/>  	

-----Original Message-----
From: Joseph M. Reagle Jr. [mailto:reagle@w3.org]
Sent: Friday, July 27, 2001 2:24 PM
To: Dournaee, Blake; John Boyer
Cc: Donald E. Eastlake 3rd; w3c-ietf-xmldsig@w3.org; Shi, Angela
Subject: Re: Section 4.3.3.2

At 19:37 7/9/2001, Dournaee, Blake wrote:
>We have a question about the XML DSig spec regarding Section 4.3.3.2,
>Reference Processing Model.
...
>Consider the following clarification, and please let us know if this is
the
>correct interpretation:
>
>"
>When a same-document reference (1) or a bare fragment identifier (2) is
used
>as a URI Reference,  it must be dereferenced as an XPath node-set. This

>node-set must have ALL comments stripped from it  (e.g. equivalent to 
>passing the node-set through an arbitrary 'comment stripping' 
>transformation) before canonicalization is used. The type of 
>canonicalization used is orthogonal to the stripping of all comments.
For 
>example, comments must still be stripped even if a canonicalization
method 
>that preserves comments is used.
>"
>And finally, why must comments be stripped anyway?

I too am a little foggy on the relationship of XPointer and comments
here. 
The appropriate text is:

http://www.w3.org/Signature/Drafts/xmldsig-core/Overview.html#sec-Same-D
ocument
>...
>5. if the URI is not a full XPointer, then delete all comment nodes
>...
>The last step is performed for null URIs, barename XPointers and child 
>sequence XPointers. To retain comments while selecting an element by an

>identifier ID, use the following full XPointer:
URI='#xpointer(id('ID'))'. 
>To retain comments while selecting the entire document, use the
following 
>full XPointer: URI='#xpointer(/)'. This XPointer contains a simple
XPath 
>expression that includes the root node, which the second to last step
above 
>replaces with all nodes of the parse tree (all descendants, plus all 
>attributes, plus all namespaces nodes).

Since one has the option of deciding which c14n to use (the implicit
without 
comments, or an explicit with comments, or an explicit without) I no
longer 
remember why the XPath nodeset processing needs this final step? John?

--
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Received on Friday, 27 July 2001 17:36:57 UTC