MUST READ [Canonicalization] -- Draft of XML Signature's WG offi cial reaction to Canonical XML from Ed Simon on 2000-02-03 (w3c-ietf-xmldsig@w3.org from January to March 2000)

From: Ed Simon <ed.simon@entrust.com>
Date: Thu, 3 Feb 2000 14:19:13 -0500
To: DSig Group <w3c-ietf-xmldsig@w3.org>
Message-ID: <01E1D01C12D7D211AFC70090273D20B101C4AA27@sothmxs06.entrust.com>

During the telecon, we discussed the XML Signature WG's response to
Canonical XML.  

Here's the first draft of the response.  Please have your comments sent to
the WG archive by Feb 7 noon EST.  
-----------
The XML Signature WG has reviewed the 19 January 2000 draft of Canonical
XML.
Though we have some non-mandatory concerns about normalizing character
encodings, 
we feel the draft meets our requirements.

For the record, this note includes a summary of our discussions regarding
two
topics related to Canonical XML.  The first topic is the character encoding
one
just mentioned; the second deals with the treatment of XML Fragments
returned by
XPath.  

Normalization of character encoding (section 5.1 of Canonical XML issued 19
Jan 2000):
The XML Signature WG sees no direct security consideration problem with the
normalization of
character representation.  However, we are concerned that requiring
implementors to do the
normalization may be introducing more complexity than is reasonable for the
stated benefit
(which is considered questionable by several members of the XML Signature
WG).  {Kent, of the
WG, you have the most experience in this area, could you add your comments?}

Canonicalization of XML Fragments:
The XML Signature WG discussed whether we have any requirement on Canonical
XML regarding
XML fragments (such as a well-balanced element returned by XPath
(well-balanced is defined in
the XML Fragment Interchange spec)).  We determined that if even if the
canonicalization of 
document fragments is an issue for the XML Signature WG, it needs to be
resolved by the XML 
Signature WG and is not an issue for the Canonical XML WG.  In particular,
the XML Signature
WG will take responsibility for describing how to canonicalize a
well-balanced element.

In summary, we thank the Canonical XML WG for their efforts and look forward
to
exploring the character encoding issue further.
-----------
Regards, Ed

Received on Thursday, 3 February 2000 14:19:49 UTC