- From: Thomas Roessler <tlr@w3.org>
- Date: Sat, 8 Dec 2007 09:00:19 +0100
- To: Bruce Rich <brich@us.ibm.com>
- Cc: xmldsigtechnical <public-xmlsec-maintwg@w3.org>

On 2007-12-07 15:02:22 -0600, Bruce Rich wrote:

> Check that implementations and APIs of [XMLDSIG] honor the recommendation
> to use [XML-C14N1.1] in section 3.1.1 "Reference Generation" of [XMLDSIG]
> Where is this recommendation made? It's not in section 3.1.1 of xmldsig.

  The Reference Processing Model (section 4.3.3.2) requires use of
  Canonical XML 1.0 [XML-C14N] as default processing behavior when
  a transformation is expecting an octet-stream, but the data
  object resulting from URI dereferencing or from the previous
  transformation in the list of Transform elements is a node-set.
  We RECOMMEND that, when generating signatures, signature
  applications do not rely on this default behavior, but explicitly
  identify the transformation that is applied to perform this
  mapping. In cases in which inclusive canonicalization is desired,
  we RECOMMEND that Canonical XML 1.1 [XML-C14N11] be used.

-- http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#sec-CoreGeneration

Regards,
--
Thomas Roessler, W3C <tlr@w3.org>
Received on Saturday, 8 December 2007 08:00:38 UTC
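
The recommendation quoted in the message above can be checked per `Reference`. The following Python sketch is an added example, not part of the original message or of any XMLDSIG implementation; the names `verdict` and `audit` and the verdict labels are hypothetical, and it assumes that any transform it does not list emits octets and that a `Reference` without a `URI` attribute dereferences to octets.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Canonicalization algorithm URIs, keyed without the "#WithComments" fragment.
C14N = {
    "http://www.w3.org/TR/2001/REC-xml-c14n-20010315": "c14n10",
    "http://www.w3.org/2006/12/xml-c14n11": "c14n11",
    "http://www.w3.org/2001/10/xml-exc-c14n": "exc-c14n",
}
NODESET_OUT = {  # transforms whose output is a node-set
    "http://www.w3.org/2000/09/xmldsig#enveloped-signature",
    "http://www.w3.org/TR/1999/REC-xpath-19991116",
}

def verdict(ref):
    uri = ref.get("URI")
    # Same-document references ("" or "#id") dereference to a node-set.
    nodeset = uri is not None and (uri == "" or uri.startswith("#"))
    last = None
    for t in ref.findall(f"{DS}Transforms/{DS}Transform"):
        alg = t.get("Algorithm", "")
        last = C14N.get(alg.split("#")[0])
        # Assumption: any transform not listed above emits octets.
        nodeset = last is None and alg in NODESET_OUT
    if nodeset:
        return "implicit-c14n10"   # digest input falls back to the 1.0 default
    if last == "c14n10":
        return "explicit-c14n10"   # explicit and inclusive, but not 1.1
    return "ok"

def audit(xml_text):
    root = ET.fromstring(xml_text)
    return [(r.get("URI"), verdict(r)) for r in root.iter(f"{DS}Reference")]

# Constructed sample: a SignedInfo fragment with the digest elements omitted.
SAMPLE = """<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
 <Reference URI=""><Transforms>
  <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
 </Transforms></Reference>
 <Reference URI="#body"><Transforms>
  <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
  <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
 </Transforms></Reference>
 <Reference URI="#hdr"><Transforms>
  <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
 </Transforms></Reference>
 <Reference URI="http://example.org/blob.bin"/>
</SignedInfo>"""
```

Calling `audit(SAMPLE)` returns one `(URI, verdict)` pair per `Reference`. The sample is trusted, constructed input; signatures from untrusted sources should be parsed with a hardened XML parser before running a check like this.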