- From: Cantor, Scott <cantor.2@osu.edu>
- Date: Wed, 7 Sep 2011 14:57:48 +0000
- To: "Frederick.Hirsch@nokia.com" <Frederick.Hirsch@nokia.com>, "steve.derose@openamplify.com" <steve.derose@openamplify.com>
- CC: "jboyer@PureEdge.com" <jboyer@PureEdge.com>, "w3c-ietf-xmldsig@w3.org" <w3c-ietf-xmldsig@w3.org>, "public-xmlsec@w3.org" <public-xmlsec@w3.org>, "cmsmcq@blackmesatech.com" <cmsmcq@blackmesatech.com>, "ht@cogsci.ed.ac.uk" <ht@cogsci.ed.ac.uk>, "chris@w3.org" <chris@w3.org>
On 9/7/11 10:51 AM, "Frederick.Hirsch@nokia.com" <Frederick.Hirsch@nokia.com> wrote: > >It is the job of an XML document author to produce well-formed XML >before any considerations of signing/encryption and XML Canonicalization. >Any required escaping happens before security processing, and there are a >variety of choices that can be made > for such escaping, as well as other representation of information. >Canonical XML is agnostic to these choices. I think his point is that in the process of following the spec, c14n replaces those character references with the actual characters. So I think the result of that is non-well-formed. I can't recall if it's an explicit guarantee of c14n that the output be well-formed. I suspect it was a goal, but not a guarantee. If so, it's not a bug, but perhaps something to address in 2.0. -- Scott
Received on Wednesday, 7 September 2011 14:59:44 UTC