- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Fri, 21 May 1999 13:57:34 -0400
- To: "XML-DSig Workshop" <w3c-xml-sig-ws@w3.org>
A new C14N Requirements document should be published soon... If you take issue with any of these points, or the RD, please let me know! Forwarded Text ---- Date: Thu, 20 May 1999 02:18:21 -0700 From: "Joel A. Nava" <joelnava@pacbell.net> To: XML Syntax WG <w3c-xml-syntax-wg@w3.org> Subject: Some key info for the C14N WD Status: O The meeting minutes discussing the first draft RD http://lists.w3.org/Archives/Member/w3c-xml-syntax-wg/1999Apr/0103.html had a number of suggestions that should be part of the WD, and not the RD. So I am recording them here. 1) We should have a motherhood note that says to beware of taking signed documents into text editors, if they want the C14N to be the same before and after, and thus not break the security. 2) New Co-IETF/W3C working group is being formed for XML-DSig. Joseph will probably be the formal liaison between the 2 groups. 3) We expand all entities and put them in place. We no longer know where the entity boundaries are in the C14N form of the document. 4) DOCTYPE not part of C14N version. But, we use all the available DTD information to create the C14N version, but there is no DTD in the C14N form. 5) Put motherhood note in WD to explain namespaces are better for document references than the reference to the DTD in the DOCTYPE declaration. 6) Note in WD, that people may want to make docs standalone if DTD availability is in doubt. 7) Making a non normative appendix with an Algorithm for making any XML document standalone='yes'. 8) We haven't found a satisfactory solution to the problem of whatever we omit from the canonical form, we can't really test (except the slightly useful argument from silence---if a processors doesn't do anything in response to X and it shouldn't do anything in response to X then that's something at least) Note that there is a distinction between things we don't preserve in the canonical form but we still act on (things like entity inclusion and attribute defaulting)---these are fine for processor conformance testing---and things that we just throw out, like notations. The canonical form as it currently stands is useless in testing conformance in certain aspects of XML processing, notations being a good example. Validity being another. Perhaps we will need to list the things in the InfoSet that we do not preserve. Since most of the things we do not preserve are in the DTD, then we conformance test the results of the document instance, minus a few things that we have decided to remove from the Instance InfoSet. 9) Another motherhood note: If low on processing power use byte level conformance for XML-DSig. 10) What about extra processing by an application? You can build it into a C14N processor if you want, but now it is not a conforming C14N processor, it's an application specific C14N processor. End Forwarded Text ---- ___________________________________________________________ Joseph Reagle Jr. http://www.w3.org/People/Reagle/ Policy Analyst mailto:reagle@w3.org
Received on Friday, 21 May 1999 13:57:36 UTC