W3C home > Mailing lists > Public > xml-encryption@w3.org > October 2001

Re: Question about EncryptedType

From: Takeshi Imamura <IMAMU@jp.ibm.com>
Date: Fri, 26 Oct 2001 12:04:12 +0900
To: reagle@w3.org, bdournaee@rsasecurity.com
Cc: xml-encryption@w3.org
Message-ID: <OFBBF9F531.33977A3E-ON49256AF0.00475586@LocalDomain>


Joseph,

>Technically speaking, I'd argue they are *not* in conflict. 4.1 says to
>serialize, and 5.9 says one of those ways to serialize is c14n. However, I
>do agree with you that it makes one wonder when one should use c14n. I
>don't think anything in xenc requires c14n. If you need to c14n, it would
>relate to integration with xmldsig. Based on my email [1] with Takeshi
>regarding the Decryption Transform, it might not even be needed there.
>
>So Takeshi, where does one use c14n when used with xmldsig, and should we
>say it is recommended at all?

The c14n is useful in a case, for example, where the outer context of the
fragment which was signed and then encrypted may be changed.  Otherwise the
validation of the signature over the fragment may fail because c14n may
include unnecessary namespaces into the fragment.  In this case, the
decryption transform does not help.  So I think that c14n should be
recommended.

Thanks,
Takeshi IMAMURA
Tokyo Research Laboratory
IBM Research
imamu@jp.ibm.com
Received on Thursday, 25 October 2001 23:04:44 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:19 GMT