- From: Joseph Reagle <reagle@w3.org>
- Date: Thu, 18 Oct 2001 09:22:18 -0400
- To: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
- Cc: w3c-ietf-xmldsig@w3.org
[To continue the time honored tradition of responding to one's self <smile/>] On Wednesday 17 October 2001 13:11, Joseph Reagle wrote: > Canonical XML and Exclusive Canonical XML do not rewrite URIs. In fact, I > don't think any C14N or transform should be used that isn't standardized > and reviewed. And any C14N that rewrote these URIs should have a stake > driven through their hearts. As an aside, the likelihood of C14N re-writing URIs is not all that unlikely We considered it (in general) with respect to relative URI for namespaces before they were "deprecated" by XML Core, and others might for any sort of relative URI (this might help isolate the context). So I don't mean to dismiss them as something no one would ever consider, people might consider it, but they'll have to be *very* careful. If you did have a C14N that absolutized relative URIs given a base URI, then you would still need to ensure *both* the signer and verifier c14n SignedInfo prior to Reference Validation. -- Joseph Reagle Jr. http://www.w3.org/People/Reagle/ W3C Policy Analyst mailto:reagle@w3.org IETF/W3C XML-Signature Co-Chair http://www.w3.org/Signature/ W3C XML Encryption Chair http://www.w3.org/Encryption/2001/
Received on Thursday, 18 October 2001 09:22:19 UTC