- From: merlin <merlin@baltimore.ie>
- Date: Tue, 16 Jul 2002 18:37:00 +0100
- To: reagle@w3.org
- Cc: "Takeshi Imamura" <IMAMU@jp.ibm.com>, xml-encryption@w3.org
r/reagle@w3.org/2002.07.16/12:22:15
>On Tuesday 16 July 2002 11:34 am, merlin wrote:
>> You're recalling my earlier confusion which turned out to be misplaced.
>> The c14n is performed internally within the decryption transform; it is
>> not the signature canonicalization; and it is fixed as standard c14n.
>> This is the final c14n-with-replacement/parse step done by the
>> decryptXML() function. So we have no choice but to solve the problem, and
>> it doesn't have an impact on subsequent signature c14n/exc-c14n
>> processing.
>
>Let me walk through it in detail...
>
> <Document xml:lang="ie">
>   <Foo id="foo-1" />
>   <Signature xmlns="&dsig;"> ...
>     <Reference URI="#foo-1"> ...
>       <Transform Algorithm="&decrypt;XML" />
>       <Transform Algorithm="&exc-c14n;" /> ...
>   </Signature>
> </Document>
>
>Since I'm using exc-c14n, the signed form of <Foo> does not have the
>xml:lang attribute.

You're missing the decryption transform processing which is
defined to perform canonicalization-with-replacement, even
if there are no EncryptedData elements in the input node
set. As a result, the output of the first transform will
include the inherited xml: attribute. The subsequent exclusive
canonicalization will strip unused namespaces, but not this
xml: attribute.

merlin
Received on Tuesday, 16 July 2002 13:37:42 UTC
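
Added example, not part of the original message or of any implementation discussed on the list: a simplified Python model of the two-transform chain above, showing why the inherited xml:lang ends up in the signed octets. The function names and the sample document are constructed, and the serializer is an assumption-level stand-in for real c14n (un-namespaced elements only, no attribute escaping).

```python
import copy
import xml.etree.ElementTree as ET

XML_NS = "{http://www.w3.org/XML/1998/namespace}"
# Constructed sample modelled on the quoted document (Signature omitted).
DOC = '<Document xml:lang="ie"><Foo id="foo-1"/></Document>'

def find_with_ancestors(root, ident):
    """Return (element, ancestors listed from the root down) for an id value."""
    stack = [(root, [])]
    while stack:
        node, ancestors = stack.pop()
        if node.get("id") == ident:
            return node, ancestors
        stack.extend((child, ancestors + [node]) for child in node)
    raise KeyError(ident)

def serialize(elem):
    """Canonical-style output: sorted attributes, explicit end tags."""
    attrs = "".join(
        f' {name.replace(XML_NS, "xml:")}="{value}"'
        for name, value in sorted(elem.attrib.items()))
    body = (elem.text or "") + "".join(
        serialize(child) + (child.tail or "") for child in elem)
    return f"<{elem.tag}{attrs}>{body}</{elem.tag}>"

def inclusive_c14n_subset(root, ident):
    """Step 1 model: Canonical XML 1.0 over a document subset copies xml:*
    attributes of omitted ancestors onto the subset's apex element."""
    node, ancestors = find_with_ancestors(root, ident)
    apex = copy.deepcopy(node)
    for ancestor in ancestors:  # root first, so the nearest ancestor wins
        for name, value in ancestor.attrib.items():
            if name.startswith(XML_NS) and name not in node.attrib:
                apex.set(name, value)
    return serialize(apex)

def exclusive_c14n(xml_text):
    """Step 2 model: exc-c14n imports no xml:* attributes from ancestors,
    but keeps every attribute actually present on the element it is given."""
    return serialize(ET.fromstring(xml_text))

def transform_chain(doc_text, ident):
    """Decryption transform (c14n, then reparse) followed by exc-c14n."""
    after_decrypt = inclusive_c14n_subset(ET.fromstring(doc_text), ident)
    return exclusive_c14n(after_decrypt)

def exc_c14n_only(doc_text, ident):
    """For comparison: exc-c14n applied directly to the referenced element."""
    return serialize(find_with_ancestors(ET.fromstring(doc_text), ident)[0])
```

Comparing transform_chain(DOC, "foo-1") with exc_c14n_only(DOC, "foo-1") shows the difference between the two readings in the thread: a verifier that skips the first step computes a digest over different octets.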