W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > July to September 2011

Re: Canonical XML error

From: Cantor, Scott <cantor.2@osu.edu>
Date: Wed, 7 Sep 2011 14:57:48 +0000
To: "Frederick.Hirsch@nokia.com" <Frederick.Hirsch@nokia.com>, "steve.derose@openamplify.com" <steve.derose@openamplify.com>
CC: "jboyer@PureEdge.com" <jboyer@PureEdge.com>, "w3c-ietf-xmldsig@w3.org" <w3c-ietf-xmldsig@w3.org>, "public-xmlsec@w3.org" <public-xmlsec@w3.org>, "cmsmcq@blackmesatech.com" <cmsmcq@blackmesatech.com>, "ht@cogsci.ed.ac.uk" <ht@cogsci.ed.ac.uk>, "chris@w3.org" <chris@w3.org>
Message-ID: <CA8CFE4E.148EA%cantor.2@osu.edu>
On 9/7/11 10:51 AM, "Frederick.Hirsch@nokia.com"
<Frederick.Hirsch@nokia.com> wrote:
>
>It is  the job of an XML document author to produce well-formed XML
>before any considerations of signing/encryption and XML Canonicalization.
>Any required escaping happens before security processing, and there are a
>variety of choices that can be made
> for such escaping, as well as other representation of information.
>Canonical XML is agnostic to these choices.

I think his point is that in the process of following the spec, c14n
replaces those character references with the actual characters. So I think
the result of that is non-well-formed. I can't recall if it's an explicit
guarantee of c14n that the output be well-formed. I suspect it was a goal,
but not a guarantee. If so, it's not a bug, but perhaps something to
address in 2.0.

-- Scott
Received on Wednesday, 7 September 2011 14:59:44 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 7 September 2011 14:59:44 GMT