RE: Flaw of C14N regarding xml:id from John Boyer on 2005-07-25 (w3c-ietf-xmldsig@w3.org from July to September 2005)

From: John Boyer <JBoyer@PureEdge.com>
Date: Mon, 25 Jul 2005 10:16:45 -0700
To: "Gregor Karlinger" <gregor.karlinger@iaik.tugraz.at>
Cc: "w3c.xmldsig ML" <w3c-ietf-xmldsig@w3.org>
Message-ID: <7874BFCCD289A645B5CE3935769F0B527508FD@tigger.pureedge.com>

Hi Gregor,

Please have a look at the dsig archives as this issue came up quite 
a while back when xml:id was not yet approved.

I expressed the concern that our understanding of namespaces in the
2001 timeframe was that a namespace URI "identified" a specific 
namespace, which was defined to be a specific collection of names.

The collection of names identified by the XML uri is being changed,
so of course some documents will now not work.

It is ultimately up to the W3C to decide how to fix this issue.
The majority of people who commented at the time wanted to fix the
problem by issuing an erratum to C14N as it was easier than taking
xml:id out of the recommendation track.  I assume that since the 
W3C has gone ahead with the xml:id recommendation that they will
also go ahead with the C14N erratum...

Cheers,
John Boyer


-----Original Message-----
From: Gregor Karlinger [mailto:gregor.karlinger@iaik.tugraz.at]
Sent: Tuesday, July 19, 2005 11:22 PM
To: John Boyer
Cc: w3c.xmldsig ML
Subject: AW: Flaw of C14N regarding xml:id


I have just recognized that the email did not make it to the list, so I
will try once again.

/Gregor

> -----Ursprüngliche Nachricht-----
> Von: Gregor Karlinger
> Gesendet: Montag, 18. Juli 2005 13:27
> An: JBoyer@PureEdge.com
> Cc: w3c.xmldsig ML (w3c-ietf-xmldsig@w3.org)
> Betreff: Flaw of C14N regarding xml:id
> 
> Dear John,
> 
> I have just came across the xml:id 1.0 proposed recommendation published
> by W3C on July 12th 2005 [1].
> 
> Unfortunately C14N [2] will not work with XML documents conforming with
> this (future) specification, as is described in appendix C of [1]:
> 
> ---
> C Impact on Canonicalization (Non-Normative)
> 
> The Canonical XML Version 1.0 specification describes a process whereby
> attributes in the xml: namespace are inherited in a canonicalized
> document. While this produces a reasonable result with xml:lang or
> xml:space attributes, processing xml:id attributes in this way is likely
> to produce documents that contain xml:id errors, specifically xml:id
> attribute values that are not unique.
> 
> This is an apparent flaw in the design of Canonical XML. The Exclusive
XML
> Canonicalization Version 1.0 specification does not have this feature
and
> may be more appropriate for documents containing IDs.
> ---
> 
> I think that we should consider an erratum for C14N to overcome the
slight
> problem, that emerges with xml:id. It should be enough to explicitely
> exclude xml:id from the rule described in the second paragraph of
section
> 2.4 of [2].
> 
> What do you think?
> 
> Best regards,
> Gregor
> 
> ---
> [1] http://www.w3.org/TR/2005/PR-xml-id-20050712/
> [2] http://www.w3.org/TR/xml-c14n
>

Received on Monday, 25 July 2005 17:16:59 UTC