
Re: Question for Implementors (Was: Schema Validation Transform)

From: Joseph Reagle <reagle@w3.org>
Date: Wed, 12 Sep 2001 12:43:12 -0400
To: merlin <merlin@baltimore.ie>
Cc: XML Signature WG <w3c-ietf-xmldsig@w3.org>
Message-Id: <20010912164312.EF48E8735D@policy.w3.org>

On Tuesday 11 September 2001 08:09, you wrote:
> But, do we desire a statement in the spec to the effect that if you have
> same-document references and validation may introduce default values,
> you should be careful to either validate the document before signing,
> or else explicitly specify all defaultable values?


http://www.w3.org/Signature/Drafts/xmldsig-core/#sec-CoreGeneration
$Revision: 1.120 $ on $Date: 20
3.1.2.3
...
Note, if the Signature is enveloped or enveloping, [XML] or [XML-schema] 
validation of the document might introduce changes that break the 
signature. Consequently, applications should be careful to consistently 
process the document or refrain from using external contributions (e.g., 
defaults and entities).

> 2. Implicit parsing of octet resources
> Options:
>
> a) Leave it implementation-specific.
>
> b) Specify that validated parsing is mandatory.
>
> c) Specify that well-formed parsing is mandatory. Specify a new
>    transform for DTD validation, just as we have one for schema
>    validation. Aside: Internal DTD subsets are always applied, even in
>    well-formed parsing mode.

I suppose we should do (c). I'd suggest the following as RECOMMENDED
	http://www.w3.org/2000/09/xmldsig#XML-Validate
What do others think?
Received on Wednesday, 12 September 2001 12:44:19 UTC
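
The problem discussed in this message (defaults contributed during parsing or validation changing what a same-document reference digests), shown as an added example that is not part of the original message or of the specification. The sample documents, the simplified sorted-attribute serialization standing in for Canonical XML, and the use of SHA-256 are assumptions of this example; expat's `specified_attributes` switch models a processor that never saw the attribute declarations.

```python
import hashlib
from xml.parsers import expat
from xml.sax.saxutils import escape, quoteattr

# Constructed sample: the internal DTD subset declares a default for
# item/@currency, which the first document relies on and the second spells out.
DTD = '<!DOCTYPE order [<!ATTLIST item currency CDATA "USD">]>'
IMPLICIT = DTD + '<order><item price="10">widget</item></order>'
EXPLICIT = DTD + '<order><item currency="USD" price="10">widget</item></order>'


def serialize(xml_text, apply_defaults):
    """Re-serialize the parsed document with attributes sorted by name.

    A simplified stand-in for Canonical XML, enough to show what a digest
    over a same-document reference would cover. With apply_defaults=False
    the parser reports only attributes written in the instance, modelling a
    processor that never saw the declarations.
    """
    out = []
    parser = expat.ParserCreate()
    parser.specified_attributes = not apply_defaults

    def start(name, attrs):
        rendered = "".join(f" {k}={quoteattr(v)}" for k, v in sorted(attrs.items()))
        out.append(f"<{name}{rendered}>")

    parser.StartElementHandler = start
    parser.EndElementHandler = lambda name: out.append(f"</{name}>")
    parser.CharacterDataHandler = lambda data: out.append(escape(data))
    parser.Parse(xml_text, True)
    return "".join(out)


def digest(xml_text, apply_defaults):
    """SHA-256 over the serialized form (hash choice is this example's)."""
    return hashlib.sha256(serialize(xml_text, apply_defaults).encode("utf-8")).hexdigest()


if __name__ == "__main__":
    # Signer digests without defaults, verifier digests with them applied.
    for label, doc in (("implicit", IMPLICIT), ("explicit", EXPLICIT)):
        signer = digest(doc, apply_defaults=False)
        verifier = digest(doc, apply_defaults=True)
        print(label, "match" if signer == verifier else "MISMATCH")
```

The document that relies on the default digests differently on the two sides, while the one that states every defaultable value explicitly digests the same either way.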
