RE: C14N2.0 minor issues from Pratik Datta on 2010-08-20 (public-xmlsec@w3.org from August 2010)

From: Pratik Datta <pratik.datta@oracle.com>
Date: Fri, 20 Aug 2010 13:43:22 -0700 (PDT)
To: Meiko Jensen <Meiko.Jensen@ruhr-uni-bochum.de>, XMLSec WG Public List <public-xmlsec@w3.org>
Message-ID: <64c2861a-865d-4b65-b3be-1c6e3571f13e@default>

I have fixed 1) and 3).

2) is intentional.
prefixRewrite="none" means follow Canonical XML 1.x behavior.  And in that the namespaces are supposed to be sorted by prefix.  (See section 2.2 in Canonical XML 1.0  http://www.w3.org/TR/xml-c14n#DocumentOrder)


Whereas in prefixRewrite="sequential" and "digest" we get rid of prefix names, so we cannot sort by prefixes.


Let us illustrate by an example 
Look at example 3.3 in  Canonical XML 1.0  http://www.w3.org/TR/xml-c14n#Example-SETags)

This have three namespaces

In canonical XML 1.0, they are emitted in this order
xmlns="http://example.org" xmlns:a="http://www.w3.org" xmlns:b="http://www.ietf.org"

(Sorted by prefix i.e.   "", "a", "b")

Whereas with prefixRewrite="sequential", they are emitted in this order
xmlns:n5="https://example.org" xmlns:n6="http://www.ietf.org" xmlns:n7="http://www.w3.org")

(prefix assigned by URI order.  "example" "www.ietf", "www.w3")

I have changed the step 3 to indicate this.
Step 3: If SortAttributes="true" which is the default, then sort this list of namespaces as follows:
In case of prefixRewrite="none" sort the namespace declaration in lexicographic(ascending) order of prefixes (the default namespace declaration has no prefix, so it is lexicographically least).
In case of prefixRewrite="sequential" or prefixRewrite="digest" sort them in ascending order of namespace URI


Pratik

-----Original Message-----
From: Meiko Jensen [mailto:Meiko.Jensen@ruhr-uni-bochum.de] 
Sent: Friday, August 13, 2010 7:41 AM
To: XMLSec WG Public List
Subject: C14N2.0 minor issues

My student found some minor issues with the Canonical XML Version 2.0
Document (Draft of 07 August):

1) chapters 4.7 and 4.8 contradict 2.3 (and I think the 2.3 description
is correct here) by saying that a newline has to be added *before* a PI
if we are *before* the document node and *after* the PI if we are
*after* the document node. I'd think it has to be the other way round,
to separate PI and document node by a newline (as said in 2.3)

2) 4.10 says that if prefixRewrite is set to none you'd have to "sort
the nsToBeOutputList by the prefix", while in the other two cases it
says to "sort the nsToBeOutputList by URI". I'm not sure what the
correct behaviour is here, but I'm wondering on why we have this
differentiation...

3) Example 2.5.3.2 for sequential prefix rewriting starts with "n1"
though the text in 2.5.2 says the counter starts with 0.

Meiko

-- 
Dipl.-Inf. Meiko Jensen
Chair for Network and Data Security 
Horst Görtz Institute for IT-Security 
Ruhr University Bochum, Germany
_____________________________
Universitätsstr. 150, Geb. IC 4/150
D-44780 Bochum, Germany
Phone: +49 (0) 234 / 32-26796
Telefax: +49 (0) 234 / 32-14347
http:// www.nds.rub.de

Received on Friday, 20 August 2010 20:44:58 UTC