- From: Joseph M. Reagle Jr. <reagle@w3.org>
- Date: Fri, 06 Oct 2000 10:47:22 -0400
- To: "Gregor Karlinger" <gregor.karlinger@iaik.at>
- Cc: "XMLSigWG" <w3c-ietf-xmldsig@w3.org>
At 10:20 10/6/2000 +0200, Gregor Karlinger wrote: >I DO think that inserting whitespace text inside SignedInfo will break the >signature, since > >* even a validating parser must not remove insignificant white space during > parsing. Instead, he must inform the "application" whether white space is > insignificant or not. > >* We have not defined any rules in the XMLSignature spec (which is the > norm for the "application") how a XMLSignature application must treat > whitespace in the SignedInfo element and its descendants. > >* And finally, canonical XML does not remove whitespace text. Hrmmm... well my immediate goal was to make your examples a bit more pretty like Kent's example from the last version [1]; this has white space indenting in SignedInfo. However, Tidy started as an HTML processor and white space isn't important in that context for element content. But I think your right, in our context it does matter. Consequently, this means that while you might verify Kent's Signature and Kent might verify your Signature, your two applications (when signing the same document with the same key and everything else equal) will yield a different SignatureValue depending on how you output the XML. Regardless, I restored your tested examples (if I grabbed the right ones out of my attach directory! <smile>) to [2], and if someone provides me with pretty and tested examples, I'll include them. [1] http://www.w3.org/TR/2000/WD-xmldsig-core-20000918/signature-example-rsa.xml [2] http://www.w3.org/Signature/Drafts/WD-xmldsig-core-latest/ __ Joseph Reagle Jr. W3C Policy Analyst mailto:reagle@w3.org IETF/W3C XML-Signature Co-Chair http://www.w3.org/People/Reagle/
Received on Friday, 6 October 2000 10:47:32 UTC