4.3.1 The CanonicalizationMethod Element

CanonicalizationMethod is a required element that specifies the canonicalization algorithm applied to the SignedInfo element prior to performing signature calculations. This element uses the general structure for algorithms described in Algorithm Identifiers and Implementation Requirements (section 6.1). Implementations MUST support the REQUIRED Canonical XML [XML-C14N] method.

Alternatives to the REQUIRED Canonical XML algorithm (section 6.5.2), such as Canonical XML with Comments (section 6.5.2), may be explicitly specified but are NOT REQUIRED. Consequently, their use may not interoperate with other applications that do not support the specified algorithm (see XML Canonicalization and Syntax Constraint Considerations, section 7). Security issues may also arise in the treatment of entity processing and comments if non-XML aware canonicalization algorithms are not properly constrained (see section 8.2: Only What is "Seen" Should be Signed).

NOTE: Great care must be taken in accepting and executing a CanonicalizationMethod at a signature verifier. For example, a canonicalization function could be constructed which massively transformed SignedInfo so that verification would always succeed (i.e., converting it to a trivial signature with a known key over trivial data). Since CanonicalizationMethod is inside SignedInfo, it can erase itself from SignedInfo or modify the SignedInfo element so that it appears that a different canonicalization function was used. Thus a Signature which appears to authenticate the desired data with the desired key, DigestMethod, and SignatureMethod, can be meaningless if an arbitrary CanonicalizationMethod can be imposed by an adversary. A verifier should therefore dispatch only on a fixed set of Algorithm identifiers it implements and trusts (at minimum the REQUIRED Canonical XML) and reject any Signature naming another, rather than executing whatever algorithm the element identifies.
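The following is an added example, not code from the specification, showing the failure the NOTE describes and the allow-list that prevents it. It assumes (none of this is from the page) that SignatureMethod is an HMAC-SHA256 over the canonicalized SignedInfo under a shared key the attacker does not know, that Python's standard-library `xml.etree.ElementTree.canonicalize()` (which implements C14N 2.0) stands in for the REQUIRED Canonical XML 1.0, that the attacker-chosen identifier `http://example.invalid/replay-c14n` is hypothetical, and that the signed documents are constructed sample data. The forgery works without the key: the adversarial "canonicalization" ignores its input and replays the bytes of a previously, legitimately signed SignedInfo, so the signature check passes while the verifier goes on to trust the tampered Reference it actually parsed.

```python
"""CanonicalizationMethod dispatch at a verifier: naive vs. allow-listed (added example)."""
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
C14N_URI = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
C14N_WITH_COMMENTS_URI = C14N_URI + "#WithComments"
EVIL_URI = "http://example.invalid/replay-c14n"  # hypothetical attacker-chosen identifier

KEY = b"constructed-shared-secret"  # constructed sample key; the attacker does not have it


def c14n(xml_text, with_comments):
    # Stand-in: stdlib canonicalize() is C14N 2.0, not the Canonical XML 1.0 the spec
    # requires. The example is about the dispatch decision, not the exact byte form.
    return ET.canonicalize(xml_text, with_comments=with_comments).encode("utf-8")


# The only algorithms this verifier implements and trusts. Anything else is refused.
TRUSTED_C14N = {
    C14N_URI: lambda x: c14n(x, False),
    C14N_WITH_COMMENTS_URI: lambda x: c14n(x, True),
}


def make_signed_info(c14n_uri, content):
    """Build a minimal SignedInfo over `content` (constructed; HMAC URI per RFC 4051)."""
    digest = base64.b64encode(hashlib.sha1(content).digest()).decode()
    return (
        f'<SignedInfo xmlns="{DS}">'
        f'<CanonicalizationMethod Algorithm="{c14n_uri}"/>'
        '<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"/>'
        f'<Reference URI="#body"><DigestMethod Algorithm="{DS}sha1"/>'
        f'<DigestValue>{digest}</DigestValue></Reference>'
        '</SignedInfo>'
    )


def sign(signed_info_xml):
    # Signer always uses the REQUIRED algorithm.
    return hmac.new(KEY, TRUSTED_C14N[C14N_URI](signed_info_xml), hashlib.sha256).digest()


def verify(signed_info_xml, signature, content, registry):
    """True only if the signature covers the canonicalized SignedInfo AND the Reference
    digest in the *parsed* SignedInfo matches `content`. `registry` maps Algorithm URIs
    to canonicalization functions; an unknown URI is refused, never executed."""
    root = ET.fromstring(signed_info_xml)
    cm = root.find(f"{{{DS}}}CanonicalizationMethod")
    canon = registry.get(cm.get("Algorithm")) if cm is not None else None
    if canon is None:
        return False
    expected = hmac.new(KEY, canon(signed_info_xml), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return False
    dv = root.find(f"{{{DS}}}Reference/{{{DS}}}DigestValue").text
    return hmac.compare_digest(base64.b64decode(dv), hashlib.sha1(content).digest())


def demo():
    """Legitimate signature, a plain tamper, and the replay-canonicalization forgery
    against a naive registry and against the allow-list."""
    legit_doc = b"<body>pay 10</body>"          # constructed
    legit_si = make_signed_info(C14N_URI, legit_doc)
    sig = sign(legit_si)

    # Attacker: different content, honest-looking digest for it, and a
    # CanonicalizationMethod whose implementation replays the captured signed bytes.
    evil_doc = b"<body>pay 1000000</body>"      # constructed
    captured = TRUSTED_C14N[C14N_URI](legit_si)
    naive_registry = dict(TRUSTED_C14N, **{EVIL_URI: lambda _x: captured})
    forged_si = make_signed_info(EVIL_URI, evil_doc)

    return {
        "legit_accepted": verify(legit_si, sig, legit_doc, TRUSTED_C14N),
        "plain_tamper_rejected": not verify(
            make_signed_info(C14N_URI, evil_doc), sig, evil_doc, TRUSTED_C14N),
        "naive_accepts_forgery": verify(forged_si, sig, evil_doc, naive_registry),
        "allowlist_rejects_forgery": not verify(forged_si, sig, evil_doc, TRUSTED_C14N),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Every entry returned by `demo()` is True: the naive registry accepts the forged SignedInfo because the replayed bytes still carry a valid signature, and the allow-list rejects it at the dispatch step, before any canonicalization runs. Real implementations also need to check that the key and SignatureMethod are ones the verifier trusts, which is a separate concern from the one shown here.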

The way in which the SignedInfo element is presented to the canonicalization method is dependent on that method. Canonical XML [XML-C14N] (with or without comments) implementations MUST be provided with an [XPath] node-set originally formed from the document containing the SignedInfo and currently indicating the SignedInfo, its descendants, and the attribute and namespace nodes of SignedInfo and its descendant elements (such that the namespace context and similar ancestor information of the SignedInfo is preserved).

Although technically outside the purview of this document, since by definition they do not conform to it, we RECOMMEND that resource-constrained applications that do not implement the Canonical XML [XML-C14N] algorithm, and instead choose some minimal canonicalization, generate Canonical XML as their output serialization so as to mitigate some of these interoperability concerns. (While the result might not be the canonical form of the original, it can still be in canonical form.) For instance, such an implementation SHOULD (at least) generate standalone XML instances [XML].

   Schema Definition:

   <element name="CanonicalizationMethod" type="ds:CanonicalizationMethodType"/> 
   <complexType name="CanonicalizationMethodType" mixed="true">
     <sequence>
       <any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>
       <!-- (0,unbounded) elements from (1,1) namespace -->
     </sequence>
     <attribute name="Algorithm" type="anyURI" use="required"/> 
   </complexType>
   DTD:

   <!ELEMENT CanonicalizationMethod (#PCDATA %Method.ANY;)* > 
   <!ATTLIST CanonicalizationMethod 
    Algorithm CDATA #REQUIRED >