- From: Hiroshi Maruyama <MARUYAMA@jp.ibm.com>
- Date: Fri, 30 Mar 2001 18:22:06 +0900
- To: xml-encryption@w3.org, xml-signature@w3.org
- Cc: Andy_Clark/Santa_Teresa/IBM <Andy_Clark/Santa_Teresa/IBM@jp.ibm.com>
One thing that we noticed as problematic when looking at signature/encryption is the treatment of xml:lang and xml:space in C14N, if we use C14N for serialization. C14N requires you to "push" the nearest xml:lang and xml:space declarations in the outer context into the C14Ned form. For example, canonicalizing the <bar/> element in <foo xml:lang='JA"> <bar /> </foo> will yield <bar xml:lang="JA"/>. Now, consider a sign-and-then-encrypt scenario for the following document. <el2sign xml:lang="JA"> <el2enc>secret</el2enc> </el2sign> where <el2sign> is signed and then <el2enc> is encrypted. If we use C14N before encrypting <el2enc>, it will be converted to <el2enc xml:lang="JA">secret</el2enc> and consequently, after decryption the signature verifier will see <el2sign xml:lang="JA"> <el2enc xml:lang="JA">secret</el2enc> </el2sign> Unfortunately, C14Ning this will not remove the duplicate xml:lang declaration in <el2enc>. Therefore, the signature does not verify. *** We rather think this is due to lack of consistency in C14N. If C14N treats "xml:lang in effect" rather than "xml:lang declarations" as significant, it should remove redundant xml:lang declarations. If C14N thinks "xml:lang declarations" significant, it should not copy outer declaration into C14Ned element. Incidentally, C14N is consistent in treatment of namespace declarations - it always treats "in-scope namespaces" only and redundant namespace declarations are removed. Because C14N is already fixed, I do not think we can use C14N as serialization of encrypted data. We are trying to define a serialization that would preserve the declarations as they appear in the original document. Hiroshi -- Hiroshi Maruyama Manager, Internet Technology, Tokyo Research Laboratory +81-46-215-4576 maruyama@jp.ibm.com From: "Joseph M. Reagle Jr." <reagle@w3.org>@w3.org on 2001/03/30 04:15 Please respond to "Joseph M. Reagle Jr." <reagle@w3.org> Sent by: xml-encryption-request@w3.org To: Takeshi Imamura/Japan/IBM@IBMJP cc: "XML Encryption WG " <xml-encryption@w3.org>, Hiroshi Maruyama/Japan/IBM@IBMJP Subject: Re: XML Encryption Data/Processing Model At 19:33 3/29/2001 +0900, Takeshi Imamura wrote: >The serialization is not so sensitive if only encryption is performed. >However, that may not be true if both encryption and signature are >performed on a document. For example, suppose that a user signs and then >encrypts a document, where he defines and uses his own serialization which >does not preserve information set. Another user will fail in verifying the >signature because the original document cannot be retrieved. For such >reason, I think we should define at least a serialization for information >set. Very good point, I added that to the text in that section. However, I don't think the Infoset or DOM data models lack anything required by Canonical XML. (The part of XPath data model used by Canonical XML is a subset of both DOM and Infoset, right?) Even if this is the case (doesn't necessitate the use of Infoset or DOM), do you have a preference between the two? __ Joseph Reagle Jr. http://www.w3.org/People/Reagle/ W3C Policy Analyst mailto:reagle@w3.org IETF/W3C XML-Signature Co-Chair http://www.w3.org/Signature W3C XML Encryption Chair http://www.w3.org/Encryption/2001/
Received on Friday, 30 March 2001 04:22:20 UTC