- From: Martin Gudgin <mgudgin@microsoft.com>
- Date: Tue, 1 Oct 2002 08:45:21 -0700
- To: "Marc Hadley" <marc.hadley@sun.com>, <noah_mendelsohn@us.ibm.com>
- Cc: "Rich Salz" <rsalz@datapower.com>, <xml-dist-app@w3.org>
> -----Original Message----- > From: Marc Hadley [mailto:marc.hadley@sun.com] > Sent: 01 October 2002 16:34 > To: noah_mendelsohn@us.ibm.com > Cc: Rich Salz; Martin Gudgin; xml-dist-app@w3.org > Subject: Re: Proposal for various Infosetisms > > > On Tuesday, Oct 1, 2002, at 10:51 US/Eastern, > noah_mendelsohn@us.ibm.com wrote: > > > > Furthermore, even whitespace can represent a covert channel, > > admittedly only when someone is quite malicious. As you > say, I think > > that sigining a whole message is indeed potentially interesting. I > > disagree that a canonical form is needed beyond the infoset. We > > merely need a checksum that is the same whenever the infoset is the > > same, and with very high probability is different when the > infoset is > > different. Very useful, and > > seemingly straightforward, IMO. > > > In the above do you mean the XML Infoset or a more liberal 'SOAP > Infoset' where e.g. env:mustUnderstand="false" on a header > block is the > same as omitting an env:mustUnderstand attribute > > Our spec says that: > > <myns:myHeaderBlock xmlns:myns="..." > env:mustUnderstand="false">...</myns:myHeaderBlock> > > should be treated identically to > > <myns:myHeaderBlock xmlns:myns="...">...</myns:myHeaderBlock> > > and that an intermediary can remove env:mustUnderstand="false" AIIs > from header blocks in messages it forwards. I think one of the effects of my proposal is to prohibit the above. Gudge
Received on Tuesday, 1 October 2002 11:45:53 UTC