W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > July to September 2001

RE: FW: Base64

From: Gregor Karlinger <gregor.karlinger@iaik.at>
Date: Wed, 29 Aug 2001 07:46:50 +0200
To: <reagle@w3.org>, <merlin@baltimore.ie>
Cc: "XMLSigWG" <w3c-ietf-xmldsig@w3.org>
Message-ID: <LBEPJAONIMDADHFHAEAOKEJGCIAA.gregor.karlinger@iaik.at>
Joseph,

> [Henry, we could use your help in getting Xerces to adopt the
> erratum with
> respect to normalized values (not schema normalized values):
>
> http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001JulSep/0052.html
> What's the status of the XML Schema Errata?
> ]

<Gregor>
  I do not understand. In the email cited above it is stated that XML Schema
  does not provide default attributes as normalized values, but only as
  PSVI normalized attribute values. This is a problem different from what
  I have described, isn't it?
</Gregor>

> On Tuesday 28 August 2001 09:51, Gregor Karlinger wrote:
> > <Gregor>
> >   But this means that you cannot verify correctly a signature that
> >   (for instance) has produced the base64 of a DigestValue in a way
> >   that is different from the schema-normalized form, doesn't it?
> >   Or do skip schema validation before verifying a XML signature?
>
> If you are using a Transform such as schema validation, and you aren't
> confident in its conformance, then (unfortunately) you shouldn't
> use it for
> now.

<Gregor>
  The problem I have results rather form using schema validation during the
  signature processing rather than using it as a Transform:

  In our implementation, when verifying a signature, we perform as a first
  step a schema validating parsing using Xerces to check the syntax of the
  signature.

  What we expect as the result of this parsing from Xerces are the
normalized
  values. Xerces fulfills these expectations, with one exception: The value
  of base64 types is presented in schema normalized form.
</Gregor>

> >   I think this problem is quite a severe one, since many implemen-
> >   tations rely on the Xerces parser. I have reported the Xerces
> >   behaviour on schema-validating base64 text as a bug a while ago
> >   ([1]), but unfortunately I have not convinced them.
> >
> >   [1] http://nagoya.apache.org/bugzilla/show_bug.cgi?id=1228
> >
> >   I suggest that we should try a bug report once again, maybe in
> >   the name of the Signature WG. Joseph?
>
> I'm game but I've never submitted a report to Xerces -- do I need
> to set up
> an account?

<Gregor>
  It is quite simple:
    1. Create an account (specify your name and email address) on page
       http://nagoya.apache.org/bugzilla/createaccount.cgi
    2. Submit bug at page
       http://nagoya.apache.org/bugzilla/enter_bug.cgi?product=Xerces-J
</Gregor>

> Did you respond to the resolution, it's pretty
> obvious they don't
> understand our issue:
>
>   http://nagoya.apache.org/bugzilla/show_bug.cgi?id=1228
>   >whiteSpace facet value is collapsed for base64Binary.
>   >Thus, xerces does the  right thing.

<Gregor>
  No, unfortunately not. I mixed up things at that time and thought they
  are right.
</Gregor>

Liebe Gruesse/Regards,
---------------------------------------------------------------
DI Gregor Karlinger
mailto:gregor.karlinger@iaik.at
http://www.iaik.at
Phone +43 316 873 5541
Institute for Applied Information Processing and Communications
Austria
---------------------------------------------------------------
Received on Wednesday, 29 August 2001 01:47:43 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:36 UTC