W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > April to June 2002

exc c14n bugs

From: merlin <merlin@baltimore.ie>
Date: Tue, 04 Jun 2002 17:03:21 +0100
To: w3c-ietf-xmldsig@w3.org
Message-Id: <20020604160321.4075E4432D@yog-sothoth.ie.baltimore.com>


Thanks to the useful discussion on exclusive c14n from
Aleksey and Christian, I think we can now say that there
are bugs in both the Specification and the Method. It is
a pity these didn't come up earlier:

Ref: http://www.w3.org/Signature/Drafts/xml-exc-c14n.html

1) Bug in the Specification

Consider the following document:
  <A xmlns="http://example.org/">
    <b:B xmlns:b="http://example.org/b" xmlns="">
      <C xmlns="http://example.org/">
    </b:B>
  </A>

Because we inherit xmlns="" behaviour from c14n, this
will be rendered so:
  <A xmlns="http://example.org/">
    <b:B xmlns="" xmlns:b="http://example.org/b">
      <C></C>
    </b:B>
  </A>

This is wrong (C is now in the wrong namespace). It should 
be rendered:
  <A xmlns="http://example.org/">
    <b:B xmlns:b="http://example.org/b">
      <C></C>
    </b:B>
  </A>

The following addition to the Specification would correct
this:

4. If the token representing the default namespace is
   not present in InclusiveNamespace.PrefixList, then
   xmlns="" is rendered with a namespace axis iff:
     1. The element E that owns the namespace axis is in the
        node set, visibly utilizes the default namespace, and 
        has no default namespace node in the node set
     2. The nearest output ancestor of E that visibly
        utilizes the default namespace has a default namespace
        node in the node set.

2) Bug in the Method

The method handles neither the default namespace being
absent, nor namespace nodes being omitted correctly.

3.:
  Render xmlns="" iff:
  1. The default namespace is visibly utilized by the element
     node, or the default prefix token is present in
     InclusiveNamespaces.PrefixList.
  2. The element does not have a default namespace node in the
     node set
  3. The default namespace prefix is present in the
     dictionary ns_rendered.
3.1:
  s/list/dictionary/
3.2:
  Push a copy of the dictionary ns_rendered onto the state
  stack. Add the rendered namespace nodes to ns_rendered,
  replacing any existing entries. Remove every prefix that
  is visibly utilized by the element node, but does not have
  a namespace node in the node set. Remove every prefix that
  is present in InclusiveNamespaces.PrefixList but does not
  have a namespace node in the node set. Recurse.

This still does not render namespace nodes in
InclusiveNamespace.PrefixList on elements that are not in
the node set. Another addition would be necessary to support
that, and my brain is becoming enfeebled.

merlin
Received on Tuesday, 4 June 2002 12:03:53 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:16 GMT