- From: Gregor Karlinger <gregor.karlinger@iaik.at>
- Date: Wed, 22 Mar 2000 10:11:04 +0100
- To: "Martin J. Duerst" <duerst@w3.org>, "John Boyer" <jboyer@PureEdge.com>
- Cc: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>, <w3c-xsl-wg@w3.org>
> >The problem is that if one application reads a UTF-8 document > and leaves it > >in UTF-8, then the output will be UTF-8, which implies one > digest value. If > >another tool reads the UTF-8 then converts to UTF-16 because of some > >limitation on their XPath expression engine, then the output > will be UTF-16 > >(unless they take the special effort of converting back to UTF-8 (???) to > >overcome the limitation of their toolset). So, a signature > created by the > >first product would not verify in the second product. > > I guess the only thing that makes sense here is to define > that the XPath serializer produce output in a single specific > encoding. I guess that would most probably be UTF-8. ... or simply add another transform afterwards which is doing XML canonicalization as recommended by the current XML-Signature draft to avoid such problems. Regards, Gregor --------------------------------------------------------------- Gregor Karlinger mailto://gregor.karlinger@iaik.at http://www.iaik.at Phone +43 316 873 5541 Institute for Applied Information Processing and Communications Austria ---------------------------------------------------------------
Received on Wednesday, 22 March 2000 04:12:58 UTC