- From: merlin <merlin@baltimore.ie>
- Date: Tue, 15 May 2001 13:12:00 +0100
- To: "Tom Gindin" <tgindin@us.ibm.com>
- Cc: "Gregor Karlinger" <gregor.karlinger@iaik.at>, w3c-ietf-xmldsig@w3.org
There's another issue that seems relevant. RFC 2253 states that strings must be converted to UTF-8 and then the escaping rules must be applied. Do we honour this, or should we UTF-8 decode the RFC2253 string before embedding it in the text node?

Essentially, should the final example in RFC 2253 be encoded in XML as:

UTF-8 encode and require ASCII escaping of high-bit-set chars:

  SN=Lu\C4\8Di\C4\87

UTF-8 encode and embed the result directly:

  SN=Lu??i?? (where ? is a high-bit UTF-8 byte directly embedded)

(Here the meaning is confusing because the UTF-8 encoded text will correspond to some other Unicode characters, e.g. Ä)

De-UTF-8 and embed the Unicode original:

  SN=Lu?i? (where ? is the original character)

The last seems like the best option to me. Plus require escaping of all ASCII controls.

Merlin

r/tgindin@us.ibm.com/2001.05.15/07:36:47
>
> I would like to require the escaping of all ASCII controls in DN's in
> XMLDSIG (I was not precise enough last time, and what I said could have
> been interpreted as having wider scope) because otherwise standard trimming
> routines may eliminate characters which somebody left in a DN
> intentionally, as is permitted by RFC 2253. It is my impression that
> standard trimming routines tend to remove horizontal tab, for example, in
> the same positions where they remove space.
>
> Tom Gindin
>
>
> "Gregor Karlinger" <gregor.karlinger@iaik.at> on 05/15/2001 07:10:53 AM
>
> To: Tom Gindin/Watson/IBM@IBMUS
> cc: <w3c-ietf-xmldsig@w3.org>
> Subject: AW: AW: KeyName white space
>
>
> Tom,
>
> [...]
>
>> require it to start with an alphanumeric, trimming any leading whitespace
>> would be safest.
>
> Yes, and this requirement should be stated in XML-Signature.
>
>> So I think considering unescaped spaces at either end of a DN to be
>> part of it is actually in violation of RFC 2253. However, and very
>> strangely, no similar requirement exists for horizontal tab or line feed,
>> while carriage return must be escaped according to RFC 1779 but not 2253.
>> Should we require that XMLDSIG implementations escape all ASCII control
>> characters as well?
>
> Why would you like to require such an escaping?
>
> Liebe Gruesse/Regards,
> ---------------------------------------------------------------
> DI Gregor Karlinger
> mailto:gregor.karlinger@iaik.at
> http://www.iaik.at
> Phone +43 316 873 5541
> Institute for Applied Information Processing and Communications
> Austria
> ---------------------------------------------------------------
Received on Tuesday, 15 May 2001 08:12:25 UTC
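
The three candidate encodings weighed in the message above, together with the proposed escaping of ASCII controls, as an added Python example that is not part of the original e-mail or of any XMLDSIG implementation. The function names are hypothetical, and only backslash-hex escapes of high-bit octets are converted; other RFC 2253 escapes pass through unchanged.

```python
import re

# The final example from RFC 2253, as quoted in the message.
RFC2253_EXAMPLE = r"SN=Lu\C4\8Di\C4\87"

# Either an escaped backslash (left alone) or a run of hex escapes
# whose octets all have the high bit set.
_TOKEN = re.compile(r"\\\\|(?:\\[89A-Fa-f][0-9A-Fa-f])+")
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def escape_controls(text):
    """Hex-escape every ASCII control so whitespace trimming cannot drop it."""
    return _CONTROL.sub(lambda m: "\\%02X" % ord(m.group(0)), text)


def _decode_run(match, encoding):
    token = match.group(0)
    if token == "\\\\":          # escaped backslash: not a hex escape
        return token
    return bytes.fromhex(token.replace("\\", "")).decode(encoding)


def embed_unicode(dn):
    """Third option: de-UTF-8 the escaped octets and embed the characters."""
    # Strict decoding raises UnicodeDecodeError on a malformed octet run.
    return escape_controls(_TOKEN.sub(lambda m: _decode_run(m, "utf-8"), dn))


def embed_raw_octets(dn):
    """Second option: each UTF-8 octet lands as its own character."""
    return _TOKEN.sub(lambda m: _decode_run(m, "latin-1"), dn)


def escape_high_bit(dn):
    """First option: pure ASCII, non-ASCII characters as escaped octets."""
    def esc(ch):
        return "".join("\\%02X" % b for b in ch.encode("utf-8"))
    return escape_controls(
        re.sub(r"[^\x00-\x7f]", lambda m: esc(m.group(0)), dn))
```
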