Proposed Signature 1.1 warning re serialization

I propose we add the following text to XML Signature 1.1 in section  
3.2.1 (Reference Validation) at the end of the section , as a second  

Note - After a Signature element has been created in Signature  
Generation for a signature with a same document reference, an  
implementation can serialize the XML content with variations in that  
serialization. This means that Reference Validation needs to  
canonicalize the XML document before digesting in step 1 to avoid  
issues related to variations in serialization.

This should complete ACTION-289.

regards, Frederick

Frederick Hirsch

Received on Saturday, 16 May 2009 12:18:37 UTC