- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Tue, 14 Nov 2000 15:30:47 -0500
- To: hal@finney.org, "Hiroshi Maruyama" <MARUYAMA@jp.ibm.com>
- Cc: xml-encryption@w3.org
At 12:41 11/12/2000 -0800, hal@finney.org wrote: >Are there reasons for continuing to consider serialization and >canonicalization issues? The thing it shares with Signature is the scenario of changing a document that is not signed/encrypted. (And as Hiroshi raised later, once processed, the changes done by Canonical XML will happen by any XML1.0 processor). So for instance, if I encrypt a portion of a document that document goes through a workflow where people tweak the data, and then decrypt it, will there be any problems. Two issues identified at the workshop (and probably before) include namespaces and encoding: 1. If I changed or even explicitly specified a namespace where it was implicit before, it might change how the encrypted chunk should have qualified itself with respect to the inheritance and nesting. 2. If a document was encoded in UTF-16, a chunk is encrypted, and the document is subsequently processed and spit out using UTF-8, what happens to the resulting serialization? However, I too believe transforms might night be necessary (unless the actual application InfoSet is changed in this process [1], otherwise, the receiver see XML regardless and will parse it as usual. [1] http://lists.w3.org/Archives/Public/xml-encryption/2000Nov/0030.html __ Joseph Reagle Jr. W3C Policy Analyst mailto:reagle@w3.org IETF/W3C XML-Signature Co-Chair http://www.w3.org/People/Reagle/
Received on Tuesday, 14 November 2000 15:36:08 UTC