- From: Scott Cantor <cantor.2@osu.edu>
- Date: Tue, 20 Apr 2010 13:05:27 -0400
- To: "'Karel Wouters'" <karel.wouters@esat.kuleuven.be>
- Cc: "'XMLSec WG Public List'" <public-xmlsec@w3.org>

> The signer might not be the one who has produced the document, so he
> might not be in a position to decide what's meaningless.

Yes, that's true, so he probably wouldn't be using that option.

> But at the same time, those users might add xml:space=preserve when
> enveloping the signature in another document, precisely to protect all
> their pretty-printing.

Schemas/grammars/specs would have to explicitly permit xml:space to appear on the root element for that to be a concern. And would those users really think to do this? Doesn't seem likely to me.

> They don't know that pretty printing will kill
> the signature, so surely they don't know that xml:space=preserve will do
> the same.

Yes, but pretty printing is pretty common, and xml:space is not so much, is it?

> Conclusion: trimTextNode=true is to be included when signers expect that
> pretty printing will mess up the signature, but can be problematic for
> those pretty printers that also include xml:space=preserve
>
> So it doesn't protect against all mess-ups, but at least against a
> (considerable?) part of it.

In the cases I'm aware of, "considerable" borders on "virtually all".

-- Scott

Received on Tuesday, 20 April 2010 17:06:27 UTC
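
An added illustration, not part of the original message: the trade-off discussed in the thread, showing a digest that survives pretty printing when text nodes are trimmed but not when xml:space="preserve" is in scope. It assumes Python's standard-library C14N 2.0 `canonicalize()` with `strip_text` as a stand-in for the trimTextNode option; the documents and helper names are constructed for the example.

```python
import hashlib
from xml.etree.ElementTree import canonicalize

# Constructed sample documents: identical content, different layout.
COMPACT = "<Order><Item>widget</Item><Qty>2</Qty></Order>"
PRETTY = """<Order>
  <Item>widget</Item>
  <Qty>2</Qty>
</Order>"""


def mark_preserve(xml):
    """Add xml:space="preserve" to the root element (hypothetical helper)."""
    return xml.replace("<Order>", '<Order xml:space="preserve">', 1)


def digest(xml, trim):
    """SHA-256 over the canonical form; `trim` plays the role of trimTextNode."""
    canonical = canonicalize(xml, strip_text=trim)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def survives_pretty_printing(trim, preserve=False):
    """True if the compact and pretty-printed layouts hash to the same value."""
    before, after = COMPACT, PRETTY
    if preserve:
        # Both layouts carry the attribute, so only whitespace differs.
        before, after = mark_preserve(before), mark_preserve(after)
    return digest(before, trim) == digest(after, trim)


if __name__ == "__main__":
    for trim in (False, True):
        for preserve in (False, True):
            ok = survives_pretty_printing(trim, preserve)
            print(f"trim={trim!s:5} xml:space=preserve={preserve!s:5} "
                  f"digest stable: {ok}")
```
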