- From: Gregor Karlinger <gregor.karlinger@iaik.at>
- Date: Wed, 29 Aug 2001 07:46:50 +0200
- To: <reagle@w3.org>, <merlin@baltimore.ie>
- Cc: "XMLSigWG" <w3c-ietf-xmldsig@w3.org>
Joseph,
> [Henry, we could use your help in getting Xerces to adopt the
> erratum with
> respect to normalized values (not schema normalized values):
>
> http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001JulSep/0052.html
> What's the status of the XML Schema Errata?
> ]
<Gregor>
I do not understand. In the email cited above it is stated that XML Schema
does not provide default attributes as normalized values, but only as
PSVI normalized attribute values. This is a problem different from what
I have described, isn't it?
</Gregor>
> On Tuesday 28 August 2001 09:51, Gregor Karlinger wrote:
> > <Gregor>
> > But this means that you cannot verify correctly a signature that
> > (for instance) has produced the base64 of a DigestValue in a way
> > that is different from the schema-normalized form, doesn't it?
> > Or do skip schema validation before verifying a XML signature?
>
> If you are using a Transform such as schema validation, and you aren't
> confident in its conformance, then (unfortunately) you shouldn't
> use it for
> now.
<Gregor>
The problem I have results rather form using schema validation during the
signature processing rather than using it as a Transform:
In our implementation, when verifying a signature, we perform as a first
step a schema validating parsing using Xerces to check the syntax of the
signature.
What we expect as the result of this parsing from Xerces are the
normalized
values. Xerces fulfills these expectations, with one exception: The value
of base64 types is presented in schema normalized form.
</Gregor>
> > I think this problem is quite a severe one, since many implemen-
> > tations rely on the Xerces parser. I have reported the Xerces
> > behaviour on schema-validating base64 text as a bug a while ago
> > ([1]), but unfortunately I have not convinced them.
> >
> > [1] http://nagoya.apache.org/bugzilla/show_bug.cgi?id=1228
> >
> > I suggest that we should try a bug report once again, maybe in
> > the name of the Signature WG. Joseph?
>
> I'm game but I've never submitted a report to Xerces -- do I need
> to set up
> an account?
<Gregor>
It is quite simple:
1. Create an account (specify your name and email address) on page
http://nagoya.apache.org/bugzilla/createaccount.cgi
2. Submit bug at page
http://nagoya.apache.org/bugzilla/enter_bug.cgi?product=Xerces-J
</Gregor>
> Did you respond to the resolution, it's pretty
> obvious they don't
> understand our issue:
>
> http://nagoya.apache.org/bugzilla/show_bug.cgi?id=1228
> >whiteSpace facet value is collapsed for base64Binary.
> >Thus, xerces does the right thing.
<Gregor>
No, unfortunately not. I mixed up things at that time and thought they
are right.
</Gregor>
Liebe Gruesse/Regards,
---------------------------------------------------------------
DI Gregor Karlinger
mailto:gregor.karlinger@iaik.at
http://www.iaik.at
Phone +43 316 873 5541
Institute for Applied Information Processing and Communications
Austria
---------------------------------------------------------------
Received on Wednesday, 29 August 2001 01:47:43 UTC