- From: Joseph Reagle <reagle@w3.org>
- Date: Wed, 24 Jul 2002 15:16:44 -0400
- To: Rich Salz <rsalz@datapower.com>, Carl Ellison <cme@jf.intel.com>
- Cc: "XML Signature (W3C/IETF)" <w3c-ietf-xmldsig@w3.org>

On Wednesday 24 July 2002 01:30 pm, Rich Salz wrote:
> It is sad that there are five C14N algorithms (minimal, c14n, c14n
> w/comments, excl, excl w/comments).

We followed the use cases. The first was signing parts of forms, for which c14n works well (and we decided to make a comments parameter since we couldn't rule them in or out altogether). exc-c14n followed the messaging scenario. I don't think it's accurate to even say there is a "minimal" c14n as presently there is no normative specification nor interop report. Instead, all we recommend is if people have constrained applications what characters they need to grab in the SignedInfo and their operation can be profiled/constrained to always read/write c14n syntax.

> Judging by experience with multiple
> hashing algorithms, this will lead to interoperability hassles.

Interop results are good so far. Interop hassles can arise with respect to "esoteric" node-sets and we have lots of text on this now. To be more strict, in hindsight, we could've constrained the input (e.g., only accepts well-balanced XML, otherwise fail), but we went the flexible route with warnings about the trouble one might get into.

> My suggestion is actually to deprecate c14n in favor of excl.

While for most purposes, I'd recommend exc-c14n over c14n, c14n still has its uses (e.g., XML Encryption).

Received on Wednesday, 24 July 2002 15:16:59 UTC