W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > April to June 2002

Re: Interop and c14n(x) != c14n(c14n(x))

From: merlin <merlin@baltimore.ie>
Date: Tue, 28 May 2002 14:40:29 +0100
To: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
Cc: reagle@w3.org, w3c-ietf-xmldsig@w3.org
Message-Id: <20020528134029.681284432D@yog-sothoth.ie.baltimore.com>

Hi Christian,

r/geuer-pollmann@nue.et-inf.uni-siegen.de/2002.05.24/21:47:22
>--On Freitag, 24. Mai 2002 18:47 +0100 merlin <merlin@baltimore.ie> wrote:
>> If you want a detailed discussion of the disconnect between
>> the XPath info set concept of the namespace axis and DOM,
>> look back at some of the threads from one or two years ago.
>> I know I contributed my confusion to some of them.
>
>The only thing I've seen was something like this:
>
><http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2000OctDec/0036.html>

That's probably one of the discussions..

>Would it be possible that you create some obfuscated nodesets in a 
>signature to have a good test vector? I mean canonicalizing a node set 
>which omits xmlns:*, xmlns and xml:* attributes in both element which are 
>part of the node set and elements which are not included in the node set.
>
>That would be VERY nice. In all other test vectors I use for unit testing 
>and interop, I don't have such esoteric node sets.

Sure, I'll try sending along something.

>It's not that important, just an idea. If you take this fragment and you 
>take all nodes but the notIncluded element into the node set:
>
><included xml:foo="bar" xml:lang="de">
><notIncluded>
><included>
></included>
></notIncluded>
></included>
>
>Then Canonical XML produces the following octet stream:
>
><included xml:foo="bar" xml:lang="de">
>
><included xml:foo="bar" xml:lang="de">
></included>
>
></included>
>
>If you canonicalize this octet stream again, you get
>
><included xml:foo="bar" xml:lang="de">
>
><included>
></included>
>
></included>

That's not correct; repeated xml:* attributes are not suppressed,
they are emitted at every element that defines them.

>That was what I wanted to express with "c14n(node set X) != c14n(c14n(node 
>set X))"
>
>But I see that this is not only the case for the xml:* attributes but also 
>leading and trailing whitespace which is outside the "new" document element 
>after c14n. 

Whitespace is probably the best example; other examples that (now)
come to mind would be canonicalizing multiple disjoint elements,
node sets that omit parts of the namespace axis, etc.

Merlin
Received on Tuesday, 28 May 2002 09:41:12 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:15 GMT