- From: Joseph Reagle <reagle@w3.org>
- Date: Mon, 10 Sep 2001 12:48:19 -0400
- To: merlin <merlin@baltimore.ie>
- Cc: w3c-ietf-xmldsig@w3.org
On Thursday 06 September 2001 13:45, merlin wrote: > WRT the PR review comment, it seems inconsistent that we say > *don't* schema validate, but *maybe* DTD validate. I know > that this has been a question from at least one customer, so > some clarification might be in order. I'd vote for *don't* > validate against an external DTD either. We've nailed down > implicit serialization (c14n); implicit parsing might be > good too. Well fortunately, I'm don't think XML1.0 (DTD) validation will affect the instance all that much: introduces changes that survive C14N. We don't use default attributes/values in the signature DTD. We do define internal entities which require validating parsing, but I just added some text to 1.3 saying while we use them for editorial purposes, they aren't recommended in actual instances. Can anyone else think of anything that would break (survive C14N) where one party validated the signature, and the other didn't? (Or even yet, run a test?) Can we leave it up to the application by permitting it to include the DOCTYPE with DTD reference or not? (This was my assumption.) How many people actually DTD validate during their processing?
Received on Monday, 10 September 2001 12:49:26 UTC