W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > October to December 2001

Re: Misleading sentence in 3.2.1 Reference Validation

From: Joseph Reagle <reagle@w3.org>
Date: Thu, 18 Oct 2001 09:22:18 -0400
To: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
Cc: w3c-ietf-xmldsig@w3.org
Message-Id: <20011018132219.2D3FE87356@policy.w3.org>
[To continue the time honored tradition of responding to one's self 
<smile/>]

On Wednesday 17 October 2001 13:11, Joseph Reagle wrote:
> Canonical XML and Exclusive Canonical XML do not rewrite URIs. In fact, I
> don't think any C14N or transform should be used that isn't standardized
> and reviewed. And any C14N that rewrote these URIs should have a stake
> driven through their hearts. 

As an aside, the likelihood of C14N re-writing URIs is not all that 
unlikely We considered it (in general) with respect to relative URI for 
namespaces before they were "deprecated" by XML Core, and others might for 
any sort of relative URI (this might help isolate the context). So I don't 
mean to dismiss them as something no one would ever consider, people might 
consider it, but they'll have to be *very* careful.

If you did have a C14N that absolutized relative URIs given a base URI, 
then you would still need to ensure *both* the signer and verifier c14n 
SignedInfo prior to Reference Validation.

-- 
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
Received on Thursday, 18 October 2001 09:22:19 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:14 GMT