W3C home > Mailing lists > Public > w3c-xml-sig-ws@w3.org > April 1999

Re: IETF Signed-XML BOF Notes

From: Phillip hallam-Baker <pbaker@verisign.com>
Date: Mon, 5 Apr 1999 18:17:01 -0700
Message-ID: <00c201be7fcb$4261d8f0$42060a0a@pbaker-pc2.verisign.com>
To: <xml-dsig@GlobeSet.com>, "'Signed-XML Workshop'" <w3c-xml-sig-ws@w3.org>


>Do I need formal methods to assess the neutrality of a canonicalizer?

You do if you have a requirement to asses an entire system
using formal methods and the canonicalizer is required.

I don't necessarily expect many people to be formally
validating their software but experience indicates that
the set of software systems which have in practice been
thoroughly debugged closely resembles the set for which
formal validation is possible in principle.

[Of course using formal methods may well in practice rule
out building systems in which XML documents are atomized,
stored in a database as parsed trees and reconstituted and
so the communities needing canonicalization and those
needing formal methods appear to be disjoint.]

>But you are correct, canonicalization shall not be a REQUIREMENT - It shall
>be possible to sign at the bitstream level.

Thanks, that is all I am asking for.
Received on Monday, 5 April 1999 21:18:05 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 11:28:03 EDT