Re: Section 4.3.3.2 from Joseph M. Reagle Jr. on 2001-07-27 (w3c-ietf-xmldsig@w3.org from July to September 2001)

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Fri, 27 Jul 2001 17:24:19 -0400
To: "Dournaee, Blake" <bdournaee@rsasecurity.com>, "John Boyer" <jboyer@PureEdge.com>
Cc: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>, w3c-ietf-xmldsig@w3.org, "Shi, Angela" <ashi@rsasecurity.com>
Message-Id: <4.3.2.7.2.20010727170759.02ed1998@localhost>

At 19:37 7/9/2001, Dournaee, Blake wrote:
>We have a question about the XML DSig spec regarding Section 4.3.3.2,
>Reference Processing Model.
...
>Consider the following clarification, and please let us know if this is the
>correct interpretation:
>
>"
>When a same-document reference (1) or a bare fragment identifier (2) is used
>as a URI Reference,  it must be dereferenced as an XPath node-set. This 
>node-set must have ALL comments stripped from it  (e.g. equivalent to 
>passing the node-set through an arbitrary 'comment stripping' 
>transformation) before canonicalization is used. The type of 
>canonicalization used is orthogonal to the stripping of all comments.  For 
>example, comments must still be stripped even if a canonicalization method 
>that preserves comments is used.
>"
>And finally, why must comments be stripped anyway?

I too am a little foggy on the relationship of XPointer and comments here. 
The appropriate text is:

http://www.w3.org/Signature/Drafts/xmldsig-core/Overview.html#sec-Same-Document
>...
>5. if the URI is not a full XPointer, then delete all comment nodes
>...
>The last step is performed for null URIs, barename XPointers and child 
>sequence XPointers. To retain comments while selecting an element by an 
>identifier ID, use the following full XPointer: URI='#xpointer(id('ID'))'. 
>To retain comments while selecting the entire document, use the following 
>full XPointer: URI='#xpointer(/)'. This XPointer contains a simple XPath 
>expression that includes the root node, which the second to last step above 
>replaces with all nodes of the parse tree (all descendants, plus all 
>attributes, plus all namespaces nodes).

Since one has the option of deciding which c14n to use (the implicit without 
comments, or an explicit with comments, or an explicit without) I no longer 
remember why the XPath nodeset processing needs this final step? John?

--
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Received on Friday, 27 July 2001 17:24:26 UTC