- From: Paul Pierce <prp@teleport.com>
- Date: 20 May 2009 23:19:03
- To: "Taki Kamiya" <tkamiya@us.fujitsu.com>, "EXI Comments" <public-exi-comments@w3.org>
> At the same time, it is incumbent and no less important for EXI to be compatible
> with the XML stack as it exists today which is entirely built on top of XML
> Infoset. For this reason, EXI enables the reproduction canonicalized XML from
> EXI given an adequate fidelity option, as it is mentioned in EXI Best Practices
> document [2].

It seems possible to specify that the option Preserve.lexicalValues would imply that floats (at least) are stored in character form. This would free the standard to use any reasonable binary representation when Preserve.lexicalValues is not present, while preserving the ability to reproduce canonical XML when Preserve.lexicalValues is set.

The practices outlined in Best Practices with respect to security are, as noted in my last comment, actually very poor practice. To fix this for XML signatures it will be necessary, as you said, to identify a set of canonical EXI representations (with identifying URIs) based on specified sets of options (probably none of which include Preserve.lexicalValues). For encryption it will be necessary to identify or specify a mechanism for encrypting EXI fragments instead of just encrypting XML and stuffing the result into an EXI stream. Once these tasks are complete, it will be possible to rewrite the Best Practices security section without mentioning canonical XML or the Preserve.lexicalValues option, and so that it reflects good practice in security.

(None of this would affect the ability to generate repeatable canonical XML using Preserve.lexicalValues, but since that's not good for anything, especially if you have a lot of data, it will not be necessary to mention it in Best Practices, nor will it be necessary to worry much about its efficiency.)

If it's necessary to complete EXI before defining canonical EXI (dangerous, in my opinion) then as a bare minimum it is important to remove the requirement in Best Practices that Preserve.lexicalValues be used regardless of the method of canonicalization.

Paul Pierce
Received on Thursday, 21 May 2009 06:55:09 UTC