- From: Chris Lilley <chris@w3.org>
- Date: Mon, 24 Jan 2005 18:55:22 +0100
- To: Daniel Veillard <veillard@redhat.com>
- Cc: Elliotte Harold <elharo@metalab.unc.edu>, public-xml-id@w3.org
On Monday, January 24, 2005, 6:48:32 PM, Daniel wrote: DV> On Mon, Jan 24, 2005 at 11:51:37AM -0500, Elliotte Harold wrote: >> I think the canonical XML spec clearly intended that all attributes in >> the XML namespace have scope over their descendants, but that's not >> really true for xml:id. DV> Arghh, this sounds like a bug in XML Canonicalization v 1.0, the DV> assumption on any future extensions of the XML namespace sounds way DV> out of scope to me. I would be surprized if they really expected DV> that effect. It sounds as if they extrapolated from three instances (xml:lang, xml:space, xml:base) to state that all future xml:* attributes would be inheritable. >> This probably has downstream implications for XML digital signatures and >> XML encryption, both of which depend on canonicalization. >> >> Exclusive XML canonicalization does not inherit xml: attributes, and so >> does not have this problem. >> >> I am not sure what to suggest as a fix. It is still possible to >> canonicalize a document that uses xml:id. However, the results could be >> quite unexpected and perhaps dangerous. DV> IMHO this should be raised as a bug in XML Canonicalization v 1.0 Certainly. >> I wish I had a good answer here. I don't. I do think this should be >> discussed, and whatever resolution is reached needs to be called out in >> the spec to warn people about this. DV> Looking at libxml2 implementation of c14n it seems affected by this, DV> damn ... DV> Daniel -- Chris Lilley mailto:chris@w3.org Chair, W3C SVG Working Group Member, W3C Technical Architecture Group As my dad would say - the first time something happens, its a mistake. The second time, its a coincidence. The third time, its traditional.
Received on Monday, 24 January 2005 17:55:23 UTC