- From: Sean Mullan <Sean.Mullan@Sun.COM>
- Date: Mon, 22 Sep 2008 15:05:36 -0400
- To: "Hirsch Frederick (Nokia-OCTO/Boston)" <frederick.hirsch@nokia.com>
- Cc: XMLSec WG Public List <public-xmlsec@w3.org>
Hirsch Frederick (Nokia-OCTO/Boston) wrote: > > All > > We have some items to complete before publishing the Best Practices as a > first working draft. > If we can complete these items before 7 October, then we can agree at > that meeting to the changes, incorporate them before the F2F and agree > to publish during the F2F (unless we are able to agree to publish on 7 > October). > > 1) Please review the current Best Practices draft so that we can approve > as working draft for publication. Please post any comments to the list > by next week. > > http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/ A couple of comments on section section 2.1.2 (Best Practice 5). I think it would be a fairly immature XML Signature implementation that would still duplicate every namespace node for each element in the document. Yes, some early implementations did do that. I suggest adjusting the wording in this section as to not imply that every implementation does that. Also, the example uses relative namespace URIs which should be rejected by C14N implementations [1]. So the example needs to be changed to use absolute URIs. This comment applies to all of the other examples as well. --Sean [1] http://www.w3.org/TR/xml-c14n11/#DataModel Note: This specification supports the recent XML plenary decision to deprecate relative namespace URIs as follows: implementations of XML canonicalization MUST report an operation failure on documents containing relative namespace URIs. XML canonicalization MUST NOT be implemented with an XML parser that converts relative URIs to absolute URIs.
Received on Monday, 22 September 2008 19:06:17 UTC