- From: Gregor Karlinger <gregor.karlinger@iaik.at>
- Date: Sat, 9 Jun 2001 12:18:31 +0200
- To: "Joseph M. Reagle Jr." <reagle@w3.org>
- Cc: "XMLSigWG" <w3c-ietf-xmldsig@w3.org>
Joseph, I think the current Schema definition at least of the DigestValueType leads to severe problems: DigestValueType is derived by restriction from the XML Schema simple type base64Binary. The *FIXED* value of the "whitespace" facet is "collapse" for all atomic types other than string [1]. A value of "collapse" means that a validating parser normalizes whitespaces in the string content of the DigestValue element. This behaviour could break the signature, if the signer produces a digest value containing sequences of whitespaces, and the verifier schema validates the signature. Since the "collapse" value for the "whitespace" faced is *FIXED* we cannot derive our DigestValueType from "base64Binary". Instead we could derive the type by restriction from "string" since then we are allowed to change the value of the "whitespace" facet to "preserve" [1]. This issue is vital with respect to DigestValueType, but maybe it also makes sence to change the definition of SignatureValueType, CryptoBinary, X509SKI, ... since this elements are also likely to be covered by a signature, and then the same problem applies there. --- [1] http://www.w3.org/TR/2001/REC-xmlschema-2-20010502/#rf-whiteSpace Liebe Gruesse/Regards, --------------------------------------------------------------- DI Gregor Karlinger mailto:gregor.karlinger@iaik.at http://www.iaik.at Phone +43 316 873 5541 Institute for Applied Information Processing and Communications Austria ---------------------------------------------------------------
Received on Saturday, 9 June 2001 06:18:39 UTC