- From: Dournaee, Blake <bdournaee@rsasecurity.com>
- Date: Mon, 9 Jul 2001 16:37:42 -0700
- To: "'Joseph M. Reagle Jr.'" <reagle@w3.org>, "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
- Cc: w3c-ietf-xmldsig@w3.org, "Shi, Angela" <ashi@rsasecurity.com>
Hello All, I want to thank everyone for their insights to my numerous questions. Everyone has been most helpful. We have a question about the XML DSig spec regarding Section 4.3.3.2, Reference Processing Model. Specifically, we would like to clarify the following prose: /snip.. 1. URI="" Identifies the nodeset (minus any comment nodes) of the XML resource containing the signature 2. URI="#chapter1" Identifies a nodeset containing the element with ID attribute value 'chapter1' of the XML resource containing the signature. XML Signature (and its applications) modify this nodeset to include the element plus all descendents including namespaces and attributes -- but not comments. /snip.. Consider the following clarification, and please let us know if this is the correct interpretation: " When a same-document reference (1) or a bare fragment identifier (2) is used as a URI Reference, it must be dereferenced as an XPath node-set. This node-set must have ALL comments stripped from it (e.g. equivalent to passing the node-set through an arbitrary 'comment stripping' transformation) before canonicalization is used. The type of canonicalization used is orthogonal to the stripping of all comments. For example, comments must still be stripped even if a canonicalization method that preserves comments is used. " And finally, why must comments be stripped anyway? Kind Regards, Blake Dournaee Toolkit Applications Engineer RSA Security "The only thing I know is that I know nothing" - Socrates
Received on Monday, 9 July 2001 19:38:09 UTC