- From: merlin <merlin@baltimore.ie>
- Date: Thu, 31 Jan 2002 22:43:05 +0000
- To: reagle@w3.org
- Cc: w3c-ietf-xmldsig@w3.org
- Message-Id: <20020131224305.6554843C56@yog-sothoth.ie.baltimore.com>
I believe that your exc-c14n is missing xmlns="http://www.ietf.org" on the e7 element. My three c14n results are: <e6 xmlns:a="http://www.w3.org" xmlns:foo="http://www.bar.org" test="../baz" xml:base="http://www.example.org/2002/"> <e7 xmlns="http://www.ietf.org"> <e8 xmlns="" a:foo="bar"> <e9 xmlns:a="http://www.ietf.org" attr="default"></e9> </e8> </e7> </e6> <e6 test="../baz"> <e7 xmlns="http://www.ietf.org"> <e8 xmlns="" xmlns:a="http://www.w3.org" a:foo="bar"> <e9 attr="default"></e9> </e8> </e7> </e6> <e6 xmlns:a="http://www.w3.org" test="../baz"> <e7 xmlns="http://www.ietf.org"> <e8 xmlns="" a:foo="bar"> <e9 xmlns:a="http://www.ietf.org" attr="default"></e9> </e8> </e7> </e6> Attached is a signature that captures these three examples; compare with md5sum output via: echo <message digest from reference> | \ openssl base64 -d | hexdump -e '16/1 "%02x" "\n"' ... or something like that. Merlin r/reagle@w3.org/2002.01.31/11:41:47 >xmldsig makes a rather nice testing framwork for the transforms, but absent th >at >here are 3 results and there resulting `| md5sum` . > >C14N ON e6 SUBSET >policy: xmlsec-python> test_c14n.py -i eg3.xml -x '(//. | //@* | //namespace:: >*)[ancestor-or-self::e6]' ><e6 xmlns:a="http://www.w3.org" xmlns:foo="http://www.bar.org" test="../baz" x >ml:base="http://www.example.org/2002/"> > <e7 xmlns="http://www.ietf.org"> > <e8 xmlns="" a:foo="bar"> > <e9 xmlns:a="http://www.ietf.org" attr="default"></e9> > </e8> > </e7> > </e6> >01a0569ae06ef9827afd55572b096b74 > >EXC-C14N ON e6 SUBSET >policy: xmlsec-python> test_c14n.py -e -i eg3.xml -x '(//. | //@* | //namespac >e::*)[ancestor-or-self::e6]' ><e6 test="../baz"> > <e7> > <e8 xmlns:a="http://www.w3.org" a:foo="bar"> > <e9 attr="default"></e9> > </e8> > </e7> > </e6> >aaddbe1fdb6122ad46af56e038bd721b > >EXC-C14N WITH INCLUSIVENAMESPACE PREFIXLIST="a" ON e6 SUBSET >policy: xmlsec-python> test_c14n.py -e -p "a" -i eg3.xml -x '(//. | //@* | //n >amespace::*)[ancestor-or-self::e6]' ><e6 xmlns:a="http://www.w3.org" test="../baz"> > <e7> > <e8 a:foo="bar"> > <e9 xmlns:a="http://www.ietf.org" attr="default"></e9> > </e8> > </e7> > </e6> >f86803163965ce052a40657493ff5e69 > > >-- > >Joseph Reagle Jr. http://www.w3.org/People/Reagle/ >W3C Policy Analyst mailto:reagle@w3.org >IETF/W3C XML-Signature Co-Chair http://www.w3.org/Signature/ >W3C XML Encryption Chair http://www.w3.org/Encryption/2001/part 2 ----------------------------------------------------------------------------- Baltimore Technologies plc will not be liable for direct, special, indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any virus being passed on. This footnote confirms that this email message has been swept by Baltimore MIMEsweeper for Content Security threats, including computer viruses. http://www.baltimore.com
Attachments
- text/xml attachment: signature-joseph-exc.xml
Received on Thursday, 31 January 2002 17:43:16 UTC