- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Tue, 25 Jan 2000 17:36:37 -0500
- To: Gregor Karlinger <Gregor.Karlinger@iaik.at>
- Cc: ML W3C XML-Signature <w3c-ietf-xmldsig@w3.org>
At 13:04 00/01/12 +0100, Gregor Karlinger wrote:
>If minimal canonicalization or Canonical XML has been chosen it is
>clear what forms the input of the signature method, because both
>methods are using UTF-8 as character encoding.
>
>But what if no canonicalization is used?
Were you referring to data objects or to SignedInfo? In either case, I don't
think this is something the spec speaks to as it's up to the application. We
spoke about this at the FTF, and when you get into issues of the byte order
architecture of different platforms, one can see that it could be quite
risky (non-interoperable) not to do some sort of
serialization/canonicalization.
http://www.w3.org/Signature/Minutes/SanJose/
What does null canonicalization mean? People that use null might
have their own byte (big/little endian) orders. Null implies no
guarantee of interoperability, but everyone agrees that is the risk
in using it. However, why have a specific namespace for it? ACTION
Editors: remove null namespace and make the meaning of the
CanonicalizationMethod not being present in SignedInfo mean that
nothing happens. (Move text of 5.5.1 to 3.3.1).
_________________________________________________________
Joseph Reagle Jr.
Policy Analyst mailto:reagle@w3.org
XML-Signature Co-Chair http://www.w3.org/People/Reagle/
Received on Tuesday, 25 January 2000 17:36:44 UTC
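
The interoperability risk discussed in this message, as an added example that is not part of the original e-mail or of the XML-Signature specification: the same SignedInfo text is digested once as raw platform bytes and once after conversion to UTF-8. The sample fragment, the helper names, the choice of SHA-256 and the simplified normalizer (a stand-in, not the specification's canonicalization algorithms) are assumptions made for illustration.

```python
import hashlib

# Constructed sample: a SignedInfo fragment with CRLF line ends and a non-ASCII character.
SIGNED_INFO = '<SignedInfo>\r\n  <Reference URI="#r\u00e9sum\u00e9"/>\r\n</SignedInfo>'


def serializations(text):
    """Byte forms three platforms might emit when no canonicalization is applied."""
    return {
        "utf-8": text.encode("utf-8"),
        "utf-16-le": b"\xff\xfe" + text.encode("utf-16-le"),  # BOM + little endian
        "utf-16-be": b"\xfe\xff" + text.encode("utf-16-be"),  # BOM + big endian
    }


def to_utf8_normalized(raw):
    """Hypothetical normalizer: decode by BOM, drop the BOM, use LF line ends, emit UTF-8."""
    if raw.startswith(b"\xff\xfe"):
        text = raw[2:].decode("utf-16-le")
    elif raw.startswith(b"\xfe\xff"):
        text = raw[2:].decode("utf-16-be")
    elif raw.startswith(b"\xef\xbb\xbf"):
        text = raw[3:].decode("utf-8")
    else:
        text = raw.decode("utf-8")  # assumption: BOM-less input is UTF-8
    return text.replace("\r\n", "\n").replace("\r", "\n").encode("utf-8")


def digest(raw):
    # SHA-256 is an arbitrary choice here; any digest shows the same effect.
    return hashlib.sha256(raw).hexdigest()


def raw_digests(text):
    """Digest of each platform's bytes as-is: what a verifier sees with no canonicalization."""
    return {name: digest(raw) for name, raw in serializations(text).items()}


def normalized_digests(text):
    """Digest after every party converts to the same UTF-8 byte form first."""
    return {name: digest(to_utf8_normalized(raw)) for name, raw in serializations(text).items()}


if __name__ == "__main__":
    for label, table in (("raw", raw_digests(SIGNED_INFO)), ("normalized", normalized_digests(SIGNED_INFO))):
        for name, value in table.items():
            print(f"{label:10} {name:10} {value[:16]}")
```

With raw bytes the three digests all differ, so a signature made on one platform would fail to verify on another; after normalization they are identical.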