Some errors and typos in the latest XML-Signature draft, Part 1 from Gregor Karlinger on 1999-12-20 (w3c-ietf-xmldsig@w3.org from October to December 1999)

From: Gregor Karlinger <Gregor.Karlinger@iaik.at>
Date: Mon, 20 Dec 1999 14:44:11 +0100
To: "Joseph M. Reagle Jr." <reagle@w3.org>, David Solo <dsolo@alum.mit.edu>, Donald Eastlake <dee3@torque.pothole.com>
CC: ML W3C XML-Signature <w3c-ietf-xmldsig@w3.org>
Message-ID: <385E32AB.AFDEFBA1@iaik.at>

As I scanned the latest XML-Signature draft (19991217) I found some
errors and typos, which are enumberated below.

I also found a lot of bugs in the schema definitions. Additionally a new draft
of XML-Schema has appeared (19991217). I will try go adopt the definitions to it
in a seperate email.
 

Section "Status of this document":
----------------------------------

"This is an internal WG Draft that captures the move towards References ..."
                                                     ^^^^^^^^^^^^^^^^^^
As References are not introduced, maybe skip this part.

Section "1.3 Namespaces and Identifiers":
-----------------------------------------

Several different URIs are used for declaring the same namespace, namely
xmlns="http://www.w3.org/1999/12/xmldsig-core":

"... SignatureProperties is identified and defined by this specifications namespace 
 http://www.w3.org/1999/12/dsig-core/SignatureProperties ..."
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^                          

"... SHA1 is identified via this specification's namespace and defined via a 
 normative reference http://www.w3.org/1999/12/dsig-core/SHA1 ..."
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^                          

"...    <?xml version="1.0" ?> 
        <!DOCTYPE Signature SYSTEM "xmldsig.dtd" [ 
        <!ENTITY dsig 'http://www.w3.org/1999/10/signature-core'>]> ..."
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^                          

Section "2.0 Signature Overview":
---------------------------------

Typo: "...The formal specification is provided in the section-3: ..."
                                                  ^^^

Section "2.1 The Signature Element":
------------------------------------

"... Within an XML document, signatures are related to data objects via IDREFs ..."

Signatures can also be related to data objects via URI and XPath transforms. Maybee
add this fact here.

Section "2.2 The SignedInfo Element":
-------------------------------------

"... We specify additional algorithms as Recommended or Optional and ..."

Maybe capitalize "Recommended" and "Optional".

Section "2.3 The Reference Element":
------------------------------------

... 
        <SignedInfo> 
           (CanonicalizationMethod)? 
           (SignatureMethod) 
           <Reference (URI=|IDREF=)? Type=?> 
             (Transforms)? 
             (DigestMethod) 
             (DigestValue) 
           </Reference>+ 
        </SignedInfo> 
... 

The expression "<Reference ... </Reference>" should be placed in brackets to
better indicate the operand of the "+" operator.

Section "2.5 The SignatureProperties Element":
----------------------------------------------

Typo: "... or the serial number or hardware used ..."
                                ^^
Section "3.1 The Signature element":
------------------------------------

"... Example: 

        <!DOCTYPE Signature [ 
        <!ENTITY dsig 'http://www.w3.org/1999/12/signature-core'>]> 
        <Signature xmlns="http://www.w3.org/1999/12/xmldsig-core">  ..."
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^                          

Same as with section 1.3.

Section "3.3.3.1 The Transforms Element":
-----------------------------------------

In this section there is no hint (neither in the textual description nor in the
Schema definition) that the "Transform" element could have mixed content. But
in section 5.6 the specification defines some character content for the "Transform"
element.

To solve this contradiction, I suggest the following:

* Keep the content model as-is (content='elementOnly')

* Put the stuff defined in section 5.6 into a parameter element (for example the
  XPath language expression).

*************************************************************************************
This is the first part of my error and typo report, including chapter 3.3.3.3.
I will have I look at the remaining parts of the draft tomorrow.
*************************************************************************************

Regards, Gregor


-- 
---------------------------------------------------------------
Gregor Karlinger
mailto://gregor.karlinger@iaik.at
Institute for Applied Information Processing and Communications
Austria
---------------------------------------------------------------

Received on Monday, 20 December 1999 08:44:08 UTC