- From: Carl Ellison <cme@jf.intel.com>
- Date: Wed, 24 Jul 2002 10:13:50 -0700
- To: "XML Signature (W3C/IETF)" <w3c-ietf-xmldsig@w3.org>
- Cc: Carl Ellison <cme@jf.intel.com>
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 RFC3075 includes the recommendation: "We RECOMMEND that resource constrained applications that do not implement the Canonical XML [XML-C14N] algorithm and instead choose minimal canonicalization (or some other form) be implemented to generate Canonical XML as their output serialization so as to easily mitigate some of these interoperability and security concerns." We actually have devices that are resource constrained and need to do minimal canonicalization (as part of UPnP), but the way this recommendation is written, it suggests that the constrained device control its output. In fact, if we have two devices, one powerful and doing C14-N and one constrained, it is the powerful one that has to make sure its output is canonicalized. BTW, we would like further guidance about minimal canonicalization from the dsig community, if anyone has it to offer. - Carl -----BEGIN PGP SIGNATURE----- Version: PGP 7.1 iQA/AwUBPT7gTcxqBGb+WvJAEQJU2wCg4Ou3QXgCpM5EkFkdRnZMDGvjfBkAn25g o7xs5QkCNZCk6dvSo3se0kD6 =QxJm -----END PGP SIGNATURE----- +--------------------------------------------------------+ |Carl Ellison Intel Labs E: cme@jf.intel.com | |2111 NE 25th Ave T: +1-503-264-2900 | |Hillsboro OR 97124 F: +1-503-264-6225 | |PGP Key ID: 0xFE5AF240 C: +1-503-819-6618 | | 1FDB 2770 08D7 8540 E157 AAB4 CC6A 0466 FE5A F240 | +--------------------------------------------------------+
Received on Wednesday, 24 July 2002 13:14:25 UTC