W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > July to September 2001

Re: Question for Implementors (Was: Schema Validation Transform)

From: Joseph Reagle <reagle@w3.org>
Date: Mon, 10 Sep 2001 12:48:19 -0400
To: merlin <merlin@baltimore.ie>
Cc: w3c-ietf-xmldsig@w3.org
Message-Id: <20010910164819.C94938747E@policy.w3.org>
On Thursday 06 September 2001 13:45, merlin wrote:
> WRT the PR review comment, it seems inconsistent that we say
> *don't* schema validate, but *maybe* DTD validate. I know
> that this has been a question from at least one customer, so
> some clarification might be in order. I'd vote for *don't*
> validate against an external DTD either. We've nailed down
> implicit serialization (c14n); implicit parsing might be
> good too.

Well fortunately, I'm don't think XML1.0 (DTD) validation will affect the 
instance all that much: introduces changes that survive C14N. We don't use 
default attributes/values in the signature DTD. We do define internal 
entities which require validating parsing, but I just added some text to 
1.3 saying while we use them for editorial purposes, they aren't 
recommended in actual instances.

Can anyone else think of anything that would break (survive C14N) where one 
party validated the signature, and the other didn't? (Or even yet, run a 
test?)

Can we leave it up to the application by permitting it to include the 
DOCTYPE with DTD reference or not? (This was my assumption.)

How many people actually DTD validate during their processing?
Received on Monday, 10 September 2001 12:49:26 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:36 UTC