- From: Daniel Veillard <veillard@redhat.com>
- Date: Mon, 24 Jan 2005 12:48:32 -0500
- To: Elliotte Harold <elharo@metalab.unc.edu>
- Cc: public-xml-id@w3.org
On Mon, Jan 24, 2005 at 11:51:37AM -0500, Elliotte Harold wrote: > I think the canonical XML spec clearly intended that all attributes in > the XML namespace have scope over their descendants, but that's not > really true for xml:id. Arghh, this sounds like a bug in XML Canonicalization v 1.0, the assumption on any future extensions of the XML namespace sounds way out of scope to me. I would be surprized if they really expected that effect. > This probably has downstream implications for XML digital signatures and > XML encryption, both of which depend on canonicalization. > > Exclusive XML canonicalization does not inherit xml: attributes, and so > does not have this problem. > > I am not sure what to suggest as a fix. It is still possible to > canonicalize a document that uses xml:id. However, the results could be > quite unexpected and perhaps dangerous. IMHO this should be raised as a bug in XML Canonicalization v 1.0 > I wish I had a good answer here. I don't. I do think this should be > discussed, and whatever resolution is reached needs to be called out in > the spec to warn people about this. Looking at libxml2 implementation of c14n it seems affected by this, damn ... Daniel -- Daniel Veillard | Red Hat Desktop team http://redhat.com/ veillard@redhat.com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/
Received on Monday, 24 January 2005 17:48:34 UTC