W3C home > Mailing lists > Public > w3c-xml-sig-ws@w3.org > May 1999

Some key info for the C14N WD

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Fri, 21 May 1999 13:57:34 -0400
Message-Id: <3.0.5.32.19990521135734.009f14e0@localhost>
To: "XML-DSig Workshop" <w3c-xml-sig-ws@w3.org>
A new C14N Requirements document should be published soon... If you take
issue with any of these points, or the RD, please let me know!

Forwarded Text ----
 Date: Thu, 20 May 1999 02:18:21 -0700
 From: "Joel A. Nava" <joelnava@pacbell.net>
 To: XML Syntax WG <w3c-xml-syntax-wg@w3.org>
 Subject: Some key info for the C14N WD
 Status:  O
 
 The meeting minutes discussing the first draft RD
 http://lists.w3.org/Archives/Member/w3c-xml-syntax-wg/1999Apr/0103.html
 
 had a number of suggestions that should be part of the
 WD, and not the RD. So I am recording them here.
 
 1) We should have a motherhood note that says to beware of taking
 signed documents into text editors, if they want the C14N to be the
 same before and after, and thus not break the security.
 
 2) New Co-IETF/W3C working group is being formed for XML-DSig.
 Joseph will probably be the formal liaison between the 2 groups.
 
 3) We expand all entities and put them in place. We no longer
 know where the entity boundaries are in the C14N form of the
 document.
 
 4) DOCTYPE not part of C14N version. But, we use all the
 available DTD information to create the C14N version, but
 there is no DTD in the C14N form.
 
 5) Put motherhood note in WD to explain namespaces are better
 for document references than the reference to the DTD in the
 DOCTYPE declaration.
 
 6) Note in WD, that people may want to make docs standalone if
 DTD availability is in doubt.
 
 7) Making a non normative appendix with an Algorithm for making
 any XML document standalone='yes'.
 
 8) We haven't found a satisfactory solution to the problem of whatever
 we omit from the canonical form, we can't really test (except the
 slightly useful argument from silence---if a processors doesn't do
 anything in response to X and it shouldn't do anything in response
 to X then that's something at least)
 
 Note that there is a distinction between things we don't preserve
 in the canonical form but we still act on (things like entity
 inclusion and attribute defaulting)---these are fine for processor
 conformance testing---and things that we just throw out,
 like notations. The canonical form as it currently stands is useless
 in testing conformance in certain aspects of XML processing,
 notations being a good example. Validity being another.
 
 Perhaps we will need to list the things in the InfoSet that we do
 not preserve. Since most of the things we do not preserve are in
 the DTD, then we conformance test the results of the document
 instance, minus a few things that we have decided to remove
 from the Instance InfoSet.
 
 9) Another motherhood note: If low on processing power use byte
 level conformance for XML-DSig.
 
 10) What about extra processing by an application? You can build it
 into a C14N processor if you want, but now it is not a conforming
 C14N processor, it's an application specific C14N processor.
 
End Forwarded Text ----
___________________________________________________________
Joseph Reagle Jr.  http://www.w3.org/People/Reagle/
Policy Analyst     mailto:reagle@w3.org
Received on Friday, 21 May 1999 13:57:36 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 11:28:05 EDT