W3C home > Mailing lists > Public > xml-encryption@w3.org > November 2000

Re: Serialization and canonicalization

From: <hal@finney.org>
Date: Mon, 13 Nov 2000 21:59:55 -0800
Message-Id: <200011140559.VAA08550@finney.org>
To: MARUYAMA@jp.ibm.com, xml-encryption@w3.org
Cc: EB91801@jp.ibm.com
Perhaps there is a consensus that it is enough to preserve the information
set.  I am more familiar with encryption protocols where the desire
is to preserve the totality of the information as exactly as possible.
In those protocols, encryption is done to protect sensitive data while
it is exposed insecurely, and then after decryption the data needs to
be returned to its original form.

The main question is whether XML decrypted data needs to be kept
as human-readable as the original data format.  The example I have
in mind is a document author who is using XML for markup, and who
encrypts sensitive portions of the document while it is in an insecure
environment.  When he later decrypts them he might be unhappy if his text
has been significantly altered, for example entity references replaced.
Perhaps I am misunderstanding of the scope and purpose of the XML
encryption capability.

If decrypted data only needs to be machine readable then preserving the
information set should be enough.

Hal Finney
PGP Security


> From: "Hiroshi Maruyama" <MARUYAMA@jp.ibm.com>
> Date: Tue, 14 Nov 2000 14:33:49 +0900
>
> It is true that C14N makes irreversible changes to XML documents.
> However, it is also true that you can NOT exactly preserve an
> XML document (I mean, as a character string) if you use an XML
> processor as described in XML 1.0 specification.  A conformant
> processor MUST normalize attribute values, for example.
> A conformat processor may discard information on how many
> white space characters appeared in between attributes,
> as another example.
>
> In other words, applications rely on XML processors to extract
> logical information expressed in XML.  This logical information
> is collectively called Information Set.  It is unfortunate that
> Information Set was not defined PRIOR TO XML 1.0, but still
> I believe that subsequent XML-related specifications should
> be defined in terms of Information Set.  When I say "preserve
> information", I mean "preserve information set".
>
> If we assume that XML documents are processed by conformat
> XML processors before passed to an application, it is Information
> Set that the application sees.  Therefore, preserving textual
> representation is not important here.
>
> Hiroshi
>
> --
> Hiroshi Maruyama
> Manager, Internet Technology, Tokyo Research Laboratory
> +81-46-215-4576
> maruyama@jp.ibm.com
Received on Tuesday, 14 November 2000 00:59:04 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:18 GMT