RE: History: Question on C14N list of nodes instead of subtrees

Hi all,

We 'flattened' the nodes because that is, in essence, what serialization
is doing.

The real question is why does every node have to be in a node-set in
order for it to appear in the serialization, i.e. why can't we just
refer to an entire subtree.

Before I answer, I would point out that XPointer is based on XPath, and
XPath has the same capability w.r.t. its possible use for indicating
subtrees rather than individual nodes (e.g. its use in XSLT, which does
not need all descendants because it can naturally recurse when
necessary).  In other words, XPath is a tool for indicating node-sets.
The node sets can be interpreted in any way necessary according to the
needs of the consuming application (they could be considered as the
roots of subtrees, individual nodes, or the heads of sublists of
siblings, ...)

Anyway, we selected to interpret the result of an XPath as indicating
individual nodes to be serialized.  This is legal under the
interpretation of the word "set".  Indeed, it is even possible to do
this with XPointer (location-set), and I advocated this at one point,
but the group decided against using XPointer only because we wanted a
shorter time to REC (though this was over a year ago!).

Aside from legality, the individual node interpretation of XPath results
was necesssary in order to implement the notion of signature filters,
which specify the portion of a document to be signed and/or the portion
to be omitted, the latter being inherently more secure.  I did an RSA
2000 presentation on this issue and numerous emails exist in the archive
about 'document closure'.  The basic idea is that if you specify the
portions of a document covered by a signature, then it is easy to add to
the document without breaking the signature.  It becomes very difficult
to assess whether the additions have an implicit impact on the signed
material.  By comparison, if a signature says "sign everything except X,
Y, Z" then additions other than X, Y and/or Z will break the signature.
It is comparatively easier to establish the security of a message if all
you have to prove is that X, Y and Z cannot cause a security problem
within the application domain (or that any such possibility is covered
by post-core-validation application-specific steps).  

In essence, we made easy things a little harder to say so that we could
make hard things possible to say.

Finally, as to the speed issue that the originator is experiencing, I'd
say he is suffering from a non-optimized implementation.  The reason is
that an O(n) traversal of the nodes of a parse tree is sufficient for
including all such nodes in a node-set.  Since all members of the
node-set will be rendered in a serialization, the cost is O(n).  Thus,
the cost of putting all nodes in a node-set should (or can at least) be
commensurate with serialization.  If it is taking progressively longer
to calculate the node-set as the XML document grows, then the XPath
implementation needs to be optimized.  Alternately, we only require
behavior equivalent to the evaluation of the (//. | //@* |
//namespace::*) expression.

John Boyer
PureEdge Solutions Inc.

-----Original Message-----
From: Joseph Reagle []
Sent: Wednesday, January 23, 2002 12:28 PM
To: John Boyer; merlin
Subject: History: Question on C14N list of nodes instead of subtrees

A bit of archeology ... I've been corresponding with someone about 
performance and dependence on XPtr recently and brought up message [1].
characterized (perhaps mistakenly) the issue as follows, but this sort
begs the question of why did we "burst/flatten" our nodelist in the
place? Was it so we could easily create subsets as a list of nodes
the "node in subset test" easy?), so that we could easily remove

---- Summary Characterization ----

1. When the signature is in the document being signed (enveloped) it has
except itself from the document: a signature can't contain itself
2. One approach is to use XPath to throw out all the dsig element from
document and then sign it. BUT what if I'm an enveloped signature in a 
document that has *other* signatures that I want to sign. I need a way
say "only throw out the Signatutre element containing *me*" There's no
way to do that so we invented the here() XPath function -- which is also
XPtr now.
3. The example is someone noting that when someone takes the 
enveloped-signature-in-a-document and embeds *that* document into
document, the here() expression and processing gets even heavier!
(4. Also note that in our use of XPath we have lists of XPath nodes 
(flattened/burst), not trees. So if we have an XPath element node
all it is. "because XPointer typically indicates a subtree of an XML 
document's parse tree using just the element node at the root of the 
subtree, whereas Canonical XML treats a node-set as a set of nodes in
absence of descendant nodes results in absence of their representative
from the canonical form."
5. The result is our expression gets really ugly (cause we need to
ask for (//. | //@* | //namespace::*) and the processing from the XPath
*very* slow: parsing the tree and doing counts. Merlin was indicating
in XPointer, the expression would look  prettier (since it points to a 
subtree, not just a flat node list) and I'm wondering about the
of the XPointer here. Now that I think about it here() probably isn't 
something you'd want in a simple profile, but having it be there and
it be implemented by fast implementations could've been of use to us --
could in a future version of xmldsig....

----- Old Email ----


Subject: Re: Problem: referring to a complete sub-tree using XPath
Date: Wed, 25 Apr 2001 09:48:53 +0100
From: merlin <>
To: "Karl Scheibelhofer" <>
Cc: "XMLSigWG" <>

Hi Karl,

XPointer is the tool for this job, not XPath. It can do this
reference in a single path evaluation. The xmldsig standard
supports full same-document XPointer references; it is simply
an issue of implementing it ;}



>i use XPath in a reference to select a element of the same document and
> all its descendants, attributes,... - simply the subtree with the
> specific element as its root.
>i already have a XPath that works. however, its awfully slow, because
>quite long for this simple task it perfoms.
>here a short example
><?xml version="1.0" encoding="UTF-8"?>
><aida:eDocument xmlns:aida=""
>xsi:schemaLocation=" eDocument.xsd">
>  <aida:signedContent>
>    <personnel xmlns:xsi=""
>      <person contr="false" id="Big.Boss">
>        <name>
>          <family>Boss</family>
>          <given>Big</given>
>        </name>
>        <email></email>
>        <link subordinates="one.worker two.worker three.worker
>      </person>
>       ... (omitted some data)
>    </personnel>
>  </aida:signedContent>
>  <dsig:Signature Id="eDocumentSignature-1"
>    <dsig:SignedInfo>
>      <dsig:CanonicalizationMethod
>      <dsig:SignatureMethod
>      <dsig:Reference URI="">
>        <dsig:Transforms>
>          <dsig:Transform
>            <dsig:XPath xmlns:aida=""
>:eDocument[1]/child::aida:signedContent[1]//. |
>here()/ancestor::aida:eDocument[1]/child::aida:signedContent[1]//@* |
>:: *) | self::node()) =
> | here()/ancestor::aida:eDocument[1]/child::aida:signedContent[1]//@*
> here()/ancestor::aida:eDocument[1]/child::aida:signedContent[1]//names
>e:: *))</dsig:XPath>
>          </dsig:Transform>
>        </dsig:Transforms>
>        <dsig:DigestMethod
>      </dsig:Reference>
>    </dsig:SignedInfo>
>Po dMb1xUY1Y 
> 8iHpAcl8Z6xP3mMCK60ROtVCcDRS2v0ydULhJ+IZFjotIgwtGECy9lxZy4LDkeUJ
> RIvtzlDHBnp5jMb1+iLO1aTvkBzNLWbrAGo+rbqely4=</dsig:SignatureValue>
> <dsig:KeyInfo>
>      <dsig:X509Data>
>        <dsig:X509Certificate>MIIC .... (omitted some data)
>      </dsig:X509Data>
>    </dsig:KeyInfo>
>  </dsig:Signature>
>i need the here() functionality to ensure that the signature even
> verifies, if i embed the whole document into another xml document.
>the long XPath the you see in the example just selects the
><aida:signedContent> element with everything contained within this
> element. does anyone know a simpler XPath that does the same job? the
> performance of this is unacceptable: up to some minutes if i have a
> medium XML document in the signed content running without JIT. (i use
> Xerces 1.3.0 [with some patches])
>i did not want to use IDs, to be able to arbitrary include signed
> documents into other documents.
>  Karl Scheibelhofer

Received on Wednesday, 23 January 2002 18:16:12 UTC