RE: Test Case with xml-dsig from John Boyer on 2005-02-07 (public-xml-id@w3.org from February 2005)

From: John Boyer <JBoyer@PureEdge.com>
Date: Mon, 7 Feb 2005 11:20:17 -0800
To: "Norman Walsh" <Norman.Walsh@Sun.COM>, "Joseph Reagle" <reagle@mit.edu>
Cc: "Gabe Wachob" <gwachob@wachob.com>, <public-xml-id@w3.org>, <w3c-ietf-xmldsig@w3.org>
Message-ID: <7874BFCCD289A645B5CE3935769F0B52750782@tigger.pureedge.com>

C14N isn't "just plain broken" with respect to xml:id.

C14N was produced years before xml:id and therefore 
"does not support" xml:id.

Moreover, it cannot be modified to do so without also
upgrading XPath, which also "does not support" xml:id.

The only way to get these applications to support xml:id
is to declare this attribute as being of type ID in the DTD.

I would very much love to see a new C14N algorithm
(which would naturally have a new algorithm URI),
but I would like to see it because I think we need 
one that respects XML Schema.

Note that XML Schema can declare something to be an ID,
and C14N "does not support" that either.

But the big win for doing a schema-aware C14N is the ability
to solve the one truly important problem that we knew of
but could not solve at the state of technology available
at the time: distinguishing relevant from non-relevant whitespace.
(At the time, we could have tried to do this with DTDs,
but we would not have been able to get agreement for
a recommendation in a timely fashion).

John Boyer, Ph.D.
Senior Product Architect and Research Scientist
PureEdge Solutions Inc.


-----Original Message-----
From: w3c-ietf-xmldsig-request@w3.org
[mailto:w3c-ietf-xmldsig-request@w3.org]On Behalf Of Norman Walsh
Sent: Monday, February 07, 2005 11:06 AM
To: Joseph Reagle
Cc: Gabe Wachob; public-xml-id@w3.org; w3c-ietf-xmldsig@w3.org
Subject: Re: Test Case with xml-dsig


/ Joseph Reagle <reagle@mit.edu> was heard to say:
| problems with respect to versioning of XML. For example, is the 
| canonicalization of xml:ID correct when used with the existing 
| specifications?

Inclusive canonicalization seems to be just plain broken with respect
to xml:id.

| What happens to the info set?

I think the right thing happens in the infoset. Applications concerned
with digital signatures and security are probably going to want to
assert that either xml:id process is (or is not, but I hope they
choose 'is') performed as part of the encryption/signature process.

                                        Be seeing you,
                                          norm

-- 
Norman.Walsh@Sun.COM / XML Standards Architect / Sun Microsystems, Inc.
NOTICE: This email message is for the sole use of the intended
recipient(s) and may contain confidential and privileged information.
Any unauthorized review, use, disclosure or distribution is prohibited.
If you are not the intended recipient, please contact the sender by
reply email and destroy all copies of the original message.

Received on Monday, 7 February 2005 19:21:01 UTC