- From: Phillip hallam-Baker <pbaker@verisign.com>
- Date: Mon, 5 Apr 1999 18:17:01 -0700
- To: <xml-dsig@GlobeSet.com>, "'Signed-XML Workshop'" <w3c-xml-sig-ws@w3.org>
>Do I need formal methods to assess the neutrality of a canonicalizer? You do if you have a requirement to asses an entire system using formal methods and the canonicalizer is required. I don't necessarily expect many people to be formally validating their software but experience indicates that the set of software systems which have in practice been thoroughly debugged closely resembles the set for which formal validation is possible in principle. [Of course using formal methods may well in practice rule out building systems in which XML documents are atomized, stored in a database as parsed trees and reconstituted and so the communities needing canonicalization and those needing formal methods appear to be disjoint.] >But you are correct, canonicalization shall not be a REQUIREMENT - It shall >be possible to sign at the bitstream level. Thanks, that is all I am asking for.
Received on Monday, 5 April 1999 21:18:05 UTC