Re: Canonicalization, XAdES from Juan Carlos Cruellas Ibarz on 2004-01-23 (w3c-ietf-xmldsig@w3.org from January to March 2004)

From: Juan Carlos Cruellas Ibarz <cruellas@ac.upc.es>
Date: Fri, 23 Jan 2004 11:50:02 +0100
To: w3c-ietf-xmldsig@w3.org
Message-Id: <3.0.1.32.20040123115002.017de008@popserver.ac.upc.es>

Dear all

Just a couple of comments:

I agree with Blake's answer to the question.

Second, as we announced some months ago, a
interoperability plugtest on XAdES was organized
and hosted last November by ETSI, where several
companies and Universities attended... 
In addition to the interoperability tests on the different 
applications very fruitful discussion took place on the
specification itself, and one of the issues that deserved
more discussion was precisely the issue of the HashDataInfo
in XAdES... 
At the end of the event, a report was written and issued to ETSI....
I will contact people of ETSI to make it available (I do not know for
sure the URL where it is posted...); and one of their suggestions was
to substitute the mechanisms for the inclusion of time-stamps by another
one that implementers considered more suitable in terms of validating
that what has been time-stamped was the correct sequence of octets
mandated by the spec.....

In parallel, a review process of XAdES is taking currently place
within ETSI, and in short tems the document will be publicly available
for getting comments.... If you do not mind, I can forward it to this list....
In the meantime, I will try to make available the plugtests report.

Regards

Juan Carlos Cruellas.
At 20:10 21/01/2004 -0500, Rich Salz wrote:
>
>> So when there is no Transforms specified, there is actually no
>> canonicalization needed?
>
>No; Blake explained the rules in another message.  They are subtle.
>
>> Isn't
>> <Object xmlns="http://www.w3.org/2000/09/xmldsig#" Id="object">some
>> text</Object>
>> the proper canonicalized form?
>
>It depends; does your newline between "some" and "object" a \n or a \r or
>a \r\n?
>
>> echo -e '<Object Id="object">some text</Object>' | openssl sha1 -binary |
>> openssl base64
>> the result is never 7/XTsHaBSOnJ/jXD5v0zL6VKYsk=
>
>Because C14N imports the namespaces that are in-scope, so your echo
>statement is wrong.  You'll have to add -- properly sorted -- xmlns
>declarations for every namespace active when Object appears.
>
>        /r$
>--
>Rich Salz                  Chief Security Architect
>DataPower Technology       http://www.datapower.com
>XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
>XML Security Overview      http://www.datapower.com/xmldev/xmlsecurity.html
>

Received on Friday, 23 January 2004 05:53:23 UTC