
Re: Decryption Transform processing question

From: Takeshi Imamura <IMAMU@jp.ibm.com>
Date: Fri, 26 Apr 2002 15:43:34 +0900
To: reagle@w3.org
Cc: Ari Kermaier <arik@phaos.com>, "Hiroshi Maruyama" <maruyama@jp.ibm.com>, xml-encryption@w3.org
Message-ID: <OF731F2241.17EDA576-ON49256BA7.00218AF0@LocalDomain>

>>    1. Convert X to an octet stream as described in The Reference
>>       Processing Model (section 4.3.3.2) of the XML Signature
>>       specification [XML-Signature].
>>
>> <AK> Apply XML-C14N to node-set X defined above. </AK>
>
>Now that we have the option, is there any reason to use exc-c14n instead of
>c14n? Takeshi, Hiroshi?

I thought about this and found that there is a case where exc-c14n does not work.
Suppose that we have the following document:

<a xmlns="ns1" xmlns:p="ns2">
  <b>...</b>
  <p:c>...</p:c>
</a>

and then encrypt the <p:c> element.  The document will be as follows:

<a xmlns="ns1" xmlns:p="ns2">
  <b>...</b>
  <EncryptedData xmlns="http://.../xmlenc#">...</EncryptedData>
</a>

Then, suppose that we provide the node-set corresponding to the document to
the transform.  If we use exc-c14n instead of c14n, we will have the
following document:

<a xmlns="ns1">
  <b>...</b>
  <EncryptedData xmlns="http://.../xmlenc#">...</EncryptedData>
</a>

where it is noted that the namespace declaration attribute for ns2 is
removed.  Because of this, we should fail to parse the decrypted document.
If I missed something, please let me know.

Thanks,
Takeshi IMAMURA
Tokyo Research Laboratory
IBM Research
imamu@jp.ibm.com
Received on Friday, 26 April 2002 02:43:50 GMT
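
The failure described in the message above, as an added example (not part of the original post and not code from the specification). It assumes Python's standard-library `ET.canonicalize` (Canonical XML 2.0) as a stand-in for exc-c14n, since both emit only visibly utilized namespace declarations; `splice_plaintext` and `parse_error` are hypothetical helpers that simplify the decrypt-and-replace step to a string substitution.

```python
import re
import xml.etree.ElementTree as ET

# Constructed from the message: the document after <p:c> has been encrypted.
# The elided namespace URI is kept exactly as the message writes it.
ENCRYPTED_DOC = (
    '<a xmlns="ns1" xmlns:p="ns2">\n'
    '  <b>...</b>\n'
    '  <EncryptedData xmlns="http://.../xmlenc#">...</EncryptedData>\n'
    '</a>'
)
# Constructed: the serialized plaintext that decrypting EncryptedData yields.
PLAINTEXT = '<p:c>...</p:c>'


def exclusive_style(doc: str) -> str:
    """Stand-in for exc-c14n: unused namespace declarations are not emitted."""
    return ET.canonicalize(doc)


def splice_plaintext(octets: str) -> str:
    """Simplified decrypt step: swap the EncryptedData element for the plaintext."""
    pattern = r'<EncryptedData\b.*?</EncryptedData>'
    return re.sub(pattern, lambda m: PLAINTEXT, octets, flags=re.S)


def parse_error(doc: str):
    """Return None if doc parses with namespaces resolved, else the parser message."""
    try:
        ET.fromstring(doc)
        return None
    except ET.ParseError as exc:
        return str(exc)


if __name__ == "__main__":
    cases = (
        ("all in-scope declarations kept", ENCRYPTED_DOC),
        ("exclusive-style output", exclusive_style(ENCRYPTED_DOC)),
    )
    for label, octets in cases:
        result = parse_error(splice_plaintext(octets))
        print(f"{label}: {result or 'parses'}")
```
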
