- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Mon, 24 Nov 2014 07:55:31 +0100
- To: public-xmlsec-comments@w3.org

The IETF and W3C claim that all parameter- and message-data MUST be Base64-encoded in a credible signature scheme. I guess this is the opposite of XML DSig, which builds on an extremely elaborate (and provably brittle) canonicalization scheme.

Personally I have found that if you make certain (IMO "reasonable") assumptions about JSON parsers, you can get away from both Base64 and canonicalization.

Anyway, the demo now runs all three different approaches just in case :-)

Using "Chrome" you may try: https://mobilepki.org/WCPPSignatureDemo

The signatures are authentic, although the XML version must be "flattened" to a single line to validate (unlike JCS, which is completely independent of any whitespace outside of the actual elements).

Anders

Received on Monday, 24 November 2014 06:56:02 UTC