RE: Comments Section from Ed Simon on 1999-12-15 (w3c-ietf-xmldsig@w3.org from October to December 1999)

From: Ed Simon <ed.simon@entrust.com>
Date: Wed, 15 Dec 1999 13:42:29 -0500
To: w3c-ietf-xmldsig@w3.org
Message-ID: <01E1D01C12D7D211AFC70090273D20B101C4A971@sothmxs06.entrust.com>

Actually, the Canonical XML spec ("http://www.w3.org/TR/xml-c14n")
says...

   2.7 Comment Information Items
       Canonical XML does not include comment information items.

Given this, I would change Don's wording to...

"No use is made in this specification of XML comments, either
within Sigature or any other element defined herein.

Note that unless the XML-Canonicalization method is specified, XML
comments inside SignedInfo will be signed.  Thus,
if the XML-Canonicalization method is NOT used (or if a custom
canonicalization method that does NOT ignore comments is used),
any changes to comments inside SignedInfo will cause signature failure.
Similarly, the XML signature over any XML data will be sensitive
to comment changes unless a comment-ignoring canonicalization method,
such as the XML-Canonicalization method, is
specified or Transforms are used which drop out such comments."
 
Poetically yours, Ed

-----Original Message-----
From: dee3@us.ibm.com [mailto:dee3@us.ibm.com]
Sent: Wednesday, December 15, 1999 10:52 AM
To: w3c-ietf-xmldsig@w3.org
Subject: Comments Section


There is currently a dummy section 4.4 in the draft on comments.  I suggest
it be change to

"No use is made in this specification of XML comments, either
within Sigature or any other element defined herein.

Note that XML comments inside SignedInfo will be signed for any
CanonicalizationMethod (including none) specified herein.  Thus,
unless a customized CanonicalizationMethod is used, any changes
to comments inside SignedInfo will cause signature failure.
Similarly, the XML signature over any XML data will be sensitive
to comment changes unless Transforms are used which drop out
such comments."

Donald

PS: I believe the lastest W3C infoset and canonicalization documents
preserve comments.

Donald E. Eastlake, 3rd
IBM, 17 Skyline Drive, Hawthorne, NY 10532 USA
dee3@us.ibm.com   tel: 1-914-784-7913, fax: 1-914-784-3833

home: 65 Shindegan Hill Road, RR#1, Carmel, NY 10512 USA
dee3@torque.pothole.com   tel: 1-914-276-2668

Received on Wednesday, 15 December 1999 13:43:11 UTC