W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > July to September 2001

Re: FW: Base64

From: Joseph Reagle <reagle@w3.org>
Date: Tue, 28 Aug 2001 16:22:25 -0400
To: "Gregor Karlinger" <gregor.karlinger@iaik.at>, <merlin@baltimore.ie>, ht@cogsci.ed.ac.uk
Cc: "XMLSigWG" <w3c-ietf-xmldsig@w3.org>
Message-Id: <20010828202225.D321C87360@policy.w3.org>
[Henry, we could use your help in getting Xerces to adopt the erratum with 
respect to normalized values (not schema normalized values):
   http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001JulSep/0052.html	
What's the status of the XML Schema Errata?
]

On Tuesday 28 August 2001 09:51, Gregor Karlinger wrote:
> <Gregor>
>   But this means that you cannot verify correctly a signature that
>   (for instance) has produced the base64 of a DigestValue in a way
>   that is different from the schema-normalized form, doesn't it?
>   Or do skip schema validation before verifying a XML signature?

If you are using a Transform such as schema validation, and you aren't 
confident in its conformance, then (unfortunately) you shouldn't use it for 
now.

>   I think this problem is quite a severe one, since many implemen-
>   tations rely on the Xerces parser. I have reported the Xerces
>   behaviour on schema-validating base64 text as a bug a while ago
>   ([1]), but unfortunately I have not convinced them.
>
>   [1] http://nagoya.apache.org/bugzilla/show_bug.cgi?id=1228
>
>   I suggest that we should try a bug report once again, maybe in
>   the name of the Signature WG. Joseph?

I'm game but I've never submitted a report to Xerces -- do I need to set up 
an account? Did you respond to the resolution, it's pretty obvious they don't 
understand our issue:

  http://nagoya.apache.org/bugzilla/show_bug.cgi?id=1228
  >whiteSpace facet value is collapsed for base64Binary. 
  >Thus, xerces does the  right thing.

It's doing the right thing for the schema_normalized_value, but not the 
normalized_value:

http://www.w3.org/TR/2001/REC-xmlschema-1-20010502/#sic-attrType
  PSVI Contributions 
  for attribute information items 
  [schema normalized value]
  The ˇnormalized valueˇ of the item as ˇvalidatedˇ. 
     
But to be fair, the spec is less than clear and there should be an erratum on 
this note. (Henry?)
Received on Tuesday, 28 August 2001 16:23:39 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:36 UTC