Re: Proposal to re-open 4.3.3.1 (Re: ACTION-97 - Raise [] issue on public list [Fwd: RFC 2396 + RFC 2732 vs. RFC 3986 (XMLDSIG section 4.3.3.1)]) from Konrad Lanz on 2007-10-23 (public-xmlsec-maintwg@w3.org from October 2007)

From: Konrad Lanz <Konrad.Lanz@iaik.tugraz.at>
Date: Tue, 23 Oct 2007 18:42:17 +0200
To: Konrad Lanz <Konrad.Lanz@iaik.tugraz.at>, XMLSec <public-xmlsec-maintwg@w3.org>
Message-ID: <471E2469.7040807@iaik.tugraz.at>

Hi Thomas as discussed,

still the issue surrounding the square bracket '[' ']' in the fragment
of a URI reference is orthogonal to the treatment of strings as
specified in LEIRI [1], HRRI [2] or XML resource identifier[3] because
'[' and ']' aren't - as far as I can see - treated by any of those.

So my proposal remains:
http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Oct/0003.html
> I propose however that we despite of this fact allow implementations
> to dereference a fragment only uri references containing
> "unescaped square brackets" as the grammar in RFC 2732 (as opposed to
> its prose) would have allowed this.

regards
Konrad

[1] http://www.ietf.org/internet-drafts/draft-duerst-iri-bis-01.txt
[2] http://www.w3.org/XML/2007/04/hrri/draft-walsh-tobin-hrri-01c.html
[3] http://www.w3.org/TR/2006/CR-xlink11-20060328/#xml-resource-identifier

Thomas Roessler schrieb:
> Per ACTION-102, here's a more high-level version of the choices we're
> facing:
>
> - Is there a requirement on software that generates Reference
> elements that the value of Reference/@URI conform to URI syntax, or
> are we following the lead of XML Schema and XLink and assume that
> anything that can be transformed into a URI is permissible in that
> attribute?
>
> - Is there a requirement on software that reads a Reference element
> to transform an anyURI attribute value found in Reference/@URI into a
>  URI if that value does not conform to the requirements from the URI
> spec?
>
> So far, we've read the spec to mean that the requirement is on
> generators to make sure the URI attribute's value conforms to URI
> syntax. We seemed to leave it open whether receiving software would
> need to accept "improper" URIs (and escape them) or not.
>
> Comparing the language in Signature with the one in Schema and XLink
> suggests that the requirement to perform escaping is on software that
> *ready* the Reference element, not on software that writes it.
>
> Feed-back on this would be most welcome, in particular as far as
> implementation behavior is concerned.
>
> Regards,


-- 
Konrad Lanz, IAIK/SIC - Graz University of Technology
Inffeldgasse 16a, 8010 Graz, Austria
Tel: +43 316 873 5547
Fax: +43 316 873 5520
https://www.iaik.tugraz.at/aboutus/people/lanz
http://jce.iaik.tugraz.at

Certificate chain (including the EuroPKI root certificate):
https://europki.iaik.at/ca/europki-at/cert_download.htm

Received on Tuesday, 23 October 2007 16:42:33 UTC