Proposal for changes to C14N11 related to XMLSec interop feedback

Paul, Thomas

I have put together a concrete proposed set of changes to C14N11 -  
this may help with our discussion tomorrow. This is a rough draft for  
discussion and has not been reviewed by the XMLSec WG.

I  attach a PDF red-line that attempts to implement all of our  
feedback to C14N11 [1] on the C14N11 CR draft [2]. Line numbers refer  
to the PDF.

The rationale of the changes is as follows:

1. Line 11, remove text to revert C14N11 to 1.0 wording, as agreed in  
first feedback item

2.  Line 37-60 attempt to address feedback on xml:base processing as  

2a. Wrote new brief introduction to xml:base fixup processing. Remove  
redundant descriptions, as a result the text now only refers to  
removed  *elements* requiring fixup. Added parenthetical to emphasize  
need for contiguous missing elements, and to indicated how this  
applies to updated example.

2b renamed "join URI" to "join-URI-References"

2c Added explicit warning re removal of elements vs attributes (lines  

2c moved description of join-URI-References function to follow  
general xml:base fixup discussion. Minor editorial updates

2c) removed reference to Appendix A, I am suggesting that Appendix A  
be removed. Last bullet covers the key point at line 79-83

3. Updated example for 3.8 as suggested by XMLSec. (lines 92-96)

regards, Frederick

Frederick Hirsch



On Oct 25, 2007, at 1:12 PM, ext Thomas Roessler wrote:

> ----- Forwarded message from "Grosso, Paul" <> -----
> From: "Grosso, Paul" <>
> To:, Thomas Roessler  
> <>
> Date: Thu, 25 Oct 2007 12:59:02 -0400
> Subject: Re: Interop meeting report
> X-Spam-Level:
> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.1.5
> Thomas,
> I wanted to archive this email, and I can't post directly
> to the XMLSEC list, so please forward this message to
> paul
> ---
>> The XML Security Specifications Maintenance Working Group
>> held an interoperability testing meeting for the
>> XML Digital Signatures and Canonical XML 1.1 specifications
>> in Mountain View, California, on 27 September 2007.
> The XML Core WG is very appreciative of these efforts
> and this feedback.
>> The following three issues with the Canonical XML 1.1
>> specification were identified.
>> 1. The change back to language from C14N 1.0 that is
>> suggested in [1] should be applied, as it matches
>> implementation behavior.
> Agreed, we will revert to 1.0 wording.
>> 2. The fix-up for the xml:base attribute that is specified in
>> section 2.4 [2] was not implemented interoperably.
>> A single implementation was found to have implemented the
>> specification's normative text correctly.  Four implementations
>> were found to be consistent with the example in section 3.8 [3].
>> The example in section 3.8 was found to be inconsistent with the
>> normative text.
>> After discussion, there was consensus that the normative text is
>> correct (but in need of clarification), and that the example
>> provided in the specification is indeed incorrect.
> Thank you for your clear explanation and examples.  We agree
> with your feedback, and we have directed the editor to correct
> the examples and come up with improved wording.
> Once we have a new draft of this section, we will share it
> with you for your comments.
>> 3. Appendix A was found to be complex to the point of being
>> unimplementable.
>> We recommend to rewrite Appendix A in a clear and simple
>> fashion. Where the (commendable!) aim of staying close to
>> RFC 3986's language gets into the way of clarity or
>> simplicity, the latter should be given priority.
> Being complex to the point of being unimplementable is
> certainly an unfortunate situation.
> However, RFC 3986 is very complicated.  People have been
> arguing about what 2386 and 3986 really say for years, and
> it's unlikely to stop.  It's been said that, if you think
> you understand this stuff and you aren't Roy Fielding, you
> are misleading yourself.
> Given that, we are very loath to attempt to include wording
> that is not based on 3986 as there would be almost no
> guarantee that it would be correct.
> If there are errors in the description in Appendix A in
> the C14N 1.1 CR, we certainly need to correct them.  If
> there is a minor wording change that we can all agree
> maintains the correct meaning and improves its clarity,
> we are all for that.
> But unless we can get Roy Fielding to approve it, we are
> very loath to replace Appendix A with a completely
> different algorithm.
> paul
> for the XML Core WG
>> 1. 
>> 0018
>> 2.
>> 3.
> ----- End forwarded message -----

Received on Monday, 5 November 2007 23:13:21 UTC