
Re: Serialization and canonicalization

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Tue, 14 Nov 2000 15:30:47 -0500
Message-Id: <4.3.2.7.2.20001114153006.02a6db88@rpcp.mit.edu>
To: hal@finney.org, "Hiroshi Maruyama" <MARUYAMA@jp.ibm.com>
Cc: xml-encryption@w3.org

At 12:41 11/12/2000 -0800, hal@finney.org wrote:
>Are there reasons for continuing to consider serialization and
>canonicalization issues?

The thing it shares with Signature is the scenario of changing a document 
that is not signed/encrypted. (And as Hiroshi raised later, once processed, 
the changes done by Canonical XML will happen by any XML 1.0 processor). So 
for instance, if I encrypt a portion of a document, that document goes 
through a workflow where people tweak the data, and then decrypt it, will 
there be any problems? Two issues identified at the workshop (and probably 
before) include namespaces and encoding:
1. If I changed or even explicitly specified a namespace where it was 
implicit before, it might change how the encrypted chunk should have 
qualified itself with respect to the inheritance and nesting.
2. If a document was encoded in UTF-16, a chunk is encrypted, and the 
document is subsequently processed and spit out using UTF-8, what happens to 
the resulting serialization?

However, I too believe transforms might not be necessary (unless the 
actual application InfoSet is changed in this process [1]); otherwise, the 
receiver sees XML regardless and will parse it as usual.

[1] http://lists.w3.org/Archives/Public/xml-encryption/2000Nov/0030.html


__
Joseph Reagle Jr.
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/People/Reagle/
Received on Tuesday, 14 November 2000 15:36:08 GMT
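
The two workflow problems listed in the message above (namespace inheritance and UTF-16 to UTF-8 re-encoding), as an added example that is not part of the original post. The element names, the namespace URI, the `<EncryptedData/>` placeholder and the identity "cipher" are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample documents. The second is what a workflow tool might emit:
# same meaning for <order>, but the default namespace is now an explicit prefix.
DOC_DEFAULT_NS = b'<order xmlns="urn:example:orders"><EncryptedData/></order>'
DOC_PREFIXED_NS = b'<o:order xmlns:o="urn:example:orders"><EncryptedData/></o:order>'
FRAGMENT = "<amount>100 \u20ac</amount>"  # relies on the inherited namespace

def encrypt_fragment(fragment: str, encoding: str) -> bytes:
    """Stand-in for a cipher (assumption): decryption yields exactly the
    octets serialized at encryption time, which is all that matters here."""
    return fragment.encode(encoding)

def splice(document: bytes, decrypted: bytes) -> bytes:
    """Naive receiver: paste the decrypted octets over the placeholder."""
    return document.replace(b"<EncryptedData/>", decrypted)

def splice_transcoded(document: bytes, decrypted: bytes,
                      plaintext_encoding: str, document_encoding: str = "utf-8") -> bytes:
    """Receiver that was told which encoding the plaintext was serialized in."""
    text = decrypted.decode(plaintext_encoding)
    return splice(document, text.encode(document_encoding))

def restored_tag(document: bytes) -> str:
    """Qualified name of the restored element after parsing the whole document."""
    return ET.fromstring(document)[0].tag

def parses(document: bytes) -> bool:
    try:
        ET.fromstring(document)
        return True
    except ET.ParseError:
        return False

if __name__ == "__main__":
    # Issue 1: the same decrypted octets land in a different namespace.
    ct = encrypt_fragment(FRAGMENT, "utf-8")
    print(restored_tag(splice(DOC_DEFAULT_NS, ct)))   # namespace inherited
    print(restored_tag(splice(DOC_PREFIXED_NS, ct)))  # namespace lost
    # Issue 2: UTF-16 plaintext pasted into a document now serialized as UTF-8.
    ct16 = encrypt_fragment(FRAGMENT, "utf-16-le")
    print(parses(splice(DOC_DEFAULT_NS, ct16)))                          # raw splice
    print(parses(splice_transcoded(DOC_DEFAULT_NS, ct16, "utf-16-le")))  # transcoded
```
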
