Re: Canonical XML error

From: <Frederick.Hirsch@nokia.com>
Date: Wed, 7 Sep 2011 15:06:55 +0000
To: <cantor.2@osu.edu>
CC: <Frederick.Hirsch@nokia.com>, <steve.derose@openamplify.com>, <jboyer@PureEdge.com>, <w3c-ietf-xmldsig@w3.org>, <public-xmlsec@w3.org>, <cmsmcq@blackmesatech.com>, <ht@cogsci.ed.ac.uk>, <chris@w3.org>
Message-ID: <0D3622D1-841E-4B0A-8693-58AA03048D3B@nokia.com>

Thanks, Scott, for the clarification.

Apologies, Steve, if I misread the question.

The original Canonical XML requirements stated that the result of Canonical XML should be well-formed (section 3, number 2):


XML Security 1.1 requirements discusses the changes needed but did not change this requirement, http://www.w3.org/2008/xmlsec/Drafts/xmlsec-reqs/Overview.html

XML Security 2.0 modified this requirement, explicitly stating that "Canonical output need not be valid XML" (section


We'll have to look at this more carefully.

regards, Frederick

Frederick Hirsch

On Sep 7, 2011, at 10:57 AM, ext Cantor, Scott wrote:

> On 9/7/11 10:51 AM, "Frederick.Hirsch@nokia.com"
> <Frederick.Hirsch@nokia.com> wrote:
>> It is the job of an XML document author to produce well-formed XML
>> before any considerations of signing/encryption and XML Canonicalization.
>> Any required escaping happens before security processing, and there are a
>> variety of choices that can be made
>> for such escaping, as well as other representation of information.
>> Canonical XML is agnostic to these choices.
> I think his point is that in the process of following the spec, c14n
> replaces those character references with the actual characters. So I think
> the result of that is non-well-formed. I can't recall if it's an explicit
> guarantee of c14n that the output be well-formed. I suspect it was a goal,
> but not a guarantee. If so, it's not a bug, but perhaps something to
> address in 2.0.
> -- Scott
Received on Wednesday, 7 September 2011 15:09:44 UTC