W3C home > Mailing lists > Public > xml-dist-app@w3.org > June 2003

Re: New Attachments Issues

From: Tony Graham <Tony.Graham@Sun.COM>
Date: Wed, 11 Jun 2003 16:24:48 +0100
Message-ID: <16103.18880.245485.841002@tenso.ireland.sun.com>
To: XMLP Dist App <xml-dist-app@w3.org>

Rich Salz wrote at 11 Jun 2003 10:54:50 -0400:
 > >> I thought the expectation was that dig-sig or encryption would work on
 > >> canonical base64 representation of the data.
 > 
 > Yuk.

Section 8, Security Considerations, of paswa61.html does begin:

   Given that SOAP processing happens post inclusion, signatures over
   elements with xbinc:Include children MUST NOT be signatures over
   the xbinc:Include element and its href attribute; signatures MUST
   be over the included data. Current XML signature algorithms require
   signing the included data as base64-encoded characters; the lexical
   form of such characters SHOULD be canonicalized.

 > Crypto operations should work on the "real" data, not a translation of 
 > it.  XML DSIG defines a base-64 transform to make it easy to send base64 
 > data, but you're supposed to decode it before operating on it.

Signing the base64-encoded "lexical space" representation has been
mentioned several times on this list.  My first post from yesterday
showed some of them.

Regards,


Tony Graham
------------------------------------------------------------------------
XML Technology Center - Dublin
Sun Microsystems Ireland Ltd                       Phone: +353 1 8199708
Hamilton House, East Point Business Park, Dublin 3            x(70)19708
Received on Wednesday, 11 June 2003 11:22:34 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:59:14 GMT