- From: Hiroshi Maruyama <MARUYAMA@jp.ibm.com>
- Date: Fri, 23 Jul 1999 06:17:58 +0900
- To: w3c-ietf-xmldsig@w3.org
Joseph asked for comments on the latest C14N draft. Here are my comments.

1. There is an extra #xA (newline) in the definition of 'canonXML'. We may need to be clear if we will include this newline character in the hash calculation or not. See the proposed C14N syntax below.

[1] canonXML ::= element #xA
[2] element ::= Stag (Datachar | element)* Etag
[3] Stag ::= '<' Name NSDecl? (Att NSDecl?)* '>'
[4] Etag ::= '</' Name '>'
[5] NSDecl ::= #x20 'xmlns:' Prefix '=' '"' Attvalchar* '"'
[6] Att ::= #x20 Name '=' '"' Attvalchar* '"'
[7] Datachar ::= '&amp;' | '&lt;' | '&gt;' | '
' | (Char - ('&' | '<' | '>' | #xD ))
[8] Attvalchar ::= '&amp;' | '&lt;' | '&quot;' | '	' | '
' | '
' | (Char - ('&' | '<' | '"' | #x9 | #xA | #xD))
[9] Name ::= (Prefix ':')? NCName
[10] Prefix ::= 'n' [1-9] [0-9]*

Having an extra newline should pose no problem if everybody follows the specification exactly. However, some may wonder whether 'element' (line [2] above) is more natural as a canonical form of an element in an XML document.

2. C14N does not include PIs. Is this ok for our purposes? If a PI has no semantic information that affects the contents, it should be ok. I tend to agree with this PI omission but I think it should be clearly stated in our dsig document that PIs will not be part of the authenticated information.

3. The namespace handling is ok for the purpose of context independence. Any (sub)element has exactly the same canonical form regardless of the surrounding context. However, the current proposal requires declaring a separate namespace for every attribute (even though the same namespace is used repeatedly in the same start tag). The resulting canonical form would be lengthy if we have a large number of attributes. This is again not a big issue.

Hiroshi
--
Hiroshi Maruyama
Manager, Network Applications, Tokyo Research Laboratory
+81-462-73-4576, maruyama@jp.ibm.com

Also Associate Professor, Dept. of Computer Science, Tokyo Institute of Technology
+81-3-5734-3953, maruyama@cs.titech.ac.jp
Received on Thursday, 22 July 1999 17:19:29 UTC
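
Point 1 of the message, as an added example that is not part of the original message or of the C14N draft: a minimal serializer for productions [2]-[4] and [6]-[8], hashed once as 'canonXML' (with the trailing #xA) and once as bare 'element', to show that a signer and a verifier who disagree on the newline compute different digests. The tuple tree, the function names, SHA-256, the sorted attribute order and the hexadecimal spelling of the character references are assumptions; namespace declarations ([5], [10]) are left out.

```python
import hashlib

# Escapes for production [7] (character data). The spelling of the #xD
# reference is an assumption (form used by the later Canonical XML 1.0).
DATA_ESC = {"&": "&amp;", "<": "&lt;", ">": "&gt;", "\r": "&#xD;"}
# Escapes for production [8] (attribute values); numeric spellings assumed too.
ATTR_ESC = {"&": "&amp;", "<": "&lt;", '"': "&quot;",
            "\t": "&#x9;", "\n": "&#xA;", "\r": "&#xD;"}


def esc(text, table):
    """Replace every character listed in `table`; pass the rest through."""
    return "".join(table.get(ch, ch) for ch in text)


def canon_element(node):
    """Serialize a (name, attrs, children) tuple as 'element' (production [2]).

    Children are either str (character data) or nested tuples.
    Namespace declarations are not handled in this sketch.
    """
    name, attrs, children = node
    out = ["<", name]
    for key in sorted(attrs):  # ordering is an assumption, not from the grammar
        out.append(' %s="%s"' % (key, esc(attrs[key], ATTR_ESC)))
    out.append(">")
    for child in children:
        if isinstance(child, str):
            out.append(esc(child, DATA_ESC))
        else:
            out.append(canon_element(child))
    out.append("</%s>" % name)
    return "".join(out)


def digest(node, trailing_newline):
    """Hash 'canonXML' ([1], element plus #xA) or the bare 'element' ([2])."""
    data = canon_element(node) + ("\n" if trailing_newline else "")
    return hashlib.sha256(data.encode("utf-8")).hexdigest()


# Constructed sample document, chosen to exercise every escape rule above.
DOC = ("order", {"id": 'a"1\t'}, ["x < y\r\n", ("item", {}, ["pen & ink"])])

if __name__ == "__main__":
    print(repr(canon_element(DOC)))
    print("canonXML digest:", digest(DOC, True))
    print("element digest: ", digest(DOC, False))
```

The two digests differ by construction, so a signature specification has to name which of the two byte strings is the digest input.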