RE: Typos and implications in WD-xml-c14n-20000613 from John Boyer on 2000-07-03 (w3c-ietf-xmldsig@w3.org from July to September 2000)

From: John Boyer <jboyer@PureEdge.com>
Date: Sun, 2 Jul 2000 21:56:11 -0700
To: "Doug Bunting" <Doug@ariba.com>
Cc: <w3c-ietf-xmldsig@w3.org>
Message-ID: <BFEDKCINEPLBDLODCODKEEJOCDAA.jboyer@PureEdge.com>
Hi Doug,

Firstly, thanks for taking the time to go through the document.  I can reply
to this more substantively on my return (week of July 19) if there is
further need.

It appears that you are reading the June 13 draft and not the one I just
posted yesterday.  Please have a look at the new one [1].

[1]
http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2000JulSep/0001.html

More comments within.

John Boyer
PureEdge


  -----Original Message-----
  From: Doug Bunting [mailto:Doug@ariba.com]
  Sent: Sunday, July 02, 2000 1:48 PM
  To: 'jboyer@PureEdge.com'
  Cc: 'w3c-ietf-xmldsig@w3.org'
  Subject: Typos and implications in WD-xml-c14n-20000613


  John,

  I noticed the following in the latest Canonical XML draft:
    a.. In the Status of this Document section, the parenthetical comment in
the second paragraph should read "(and any other issues)" not "(any any
other issues)".
  OK .
    a.. In Section 2, the paragraph reading "An element has attribute nodes
to represent the non-namespace attribute declarations appearing in its start
tag as well as nodes to represent default attributes that were not specified
and not declared as #implied." implies the legality of an attribute
declaration such as <!ATTLIST form method CDATA #IMPLIED "POST">.  This is
not legal according to section 3.3.2 of the XML Recommendation.  "Default
attributes" must be either declared as #FIXED or simply with an attribute
value.
    b.. The following paragraph would read better as "... retain sufficient
information ..." instead of "... retain the sufficient information ..."
  Fixed in [1]
    a.. In Section 5, the second-to-last paragraph contains an extraneous
">".
  Fixed in [1]
    a.. In A.2, both Proof paragraphs are followed by "[]" which seem
extraneous.
  These are meant to represent the standard mbox denoting the end of a proof
(a bit less ostentatious than QED).

  Of slightly greater importance, the distinction between serialising an XML
document in consistent character encodings and avoiding character encoding
normalization isn't made clear by this document.  When creating a file or
character stream containing the serialization of a Canonical XML document,
the draft implies but does not explicitly state that UTF-8 should be used.

  Please see first sentence of Section 4 (either [1] or the lastest posted
draft).

  It may assist those not using an XPath processor when creating Canonical
XML documents if you made clear some implications of your chosen system.
For example, entities (including character entities other than &#9, &#A and
&#D) would not appear in a Canonical XML document.

  Please see section 2, second paragraph, four list item (either [1] or the
lastest posted draft).

  Leaving the inclusion of comment nodes up to implementators leads to two
possible Canonical forms of the same document.  Either recommend one or the
other, remove the ambiguity or define a processing instruction (or other
method) such that the source of a signed document could let the recipient
know which approach was chosen when generating the signature.  The default
exclusion is not sufficiently constrained (it implies comments could be
included by "flipping a switch").  A potentially sufficient improvement
would be to state "In the absence of an explicit XPath which includes
comment nodes, comments are not included in the Canonical form."

  Please see last paragraph of Section 2 (either [1] or the lastest posted
draft).

  thanx,
      doug

  Doug Bunting
  cXML Standards Manager
  Ariba, Inc.
Received on Monday, 3 July 2000 00:56:18 UTC