W3C home > Mailing lists > Public > xml-encryption@w3.org > March 2001

Re: XML Encryption Data/Processing Model

From: Hiroshi Maruyama <MARUYAMA@jp.ibm.com>
Date: Fri, 30 Mar 2001 18:22:06 +0900
To: xml-encryption@w3.org, xml-signature@w3.org
Cc: Andy_Clark/Santa_Teresa/IBM <Andy_Clark/Santa_Teresa/IBM@jp.ibm.com>
Message-ID: <OF34176C46.048F3352-ON49256A1F.0031E704@LocalDomain>

One thing that we noticed as problematic when looking at
is the treatment of xml:lang and xml:space in
C14N, if we use C14N for serialization.  C14N requires you to "push" the
xml:lang and xml:space declarations in the outer context into the C14Ned

For example, canonicalizing the <bar/> element in

<foo xml:lang='JA">
   <bar />

will yield

<bar xml:lang="JA"/>.

Now, consider a sign-and-then-encrypt scenario for the following document.

<el2sign xml:lang="JA">

where <el2sign> is signed and then <el2enc> is encrypted.  If we use C14N
before encrypting <el2enc>, it will be converted to

<el2enc xml:lang="JA">secret</el2enc>

and consequently, after decryption the signature verifier will see

<el2sign xml:lang="JA">
   <el2enc xml:lang="JA">secret</el2enc>

Unfortunately, C14Ning this will not remove the duplicate xml:lang
in <el2enc>.  Therefore, the signature does not verify.


We rather think this is due to lack of consistency in C14N.  If C14N
treats "xml:lang in effect" rather than "xml:lang declarations" as
significant, it should remove redundant xml:lang declarations.  If C14N
thinks "xml:lang declarations" significant, it should not copy
outer declaration into C14Ned element.

Incidentally, C14N is consistent in treatment of namespace declarations -
it always treats "in-scope namespaces" only and redundant
namespace declarations are removed.

Because C14N is already fixed, I do not think we can use C14N
as serialization of encrypted data.  We are trying to define a
that would preserve the declarations as they appear in the original


Hiroshi Maruyama
Manager, Internet Technology, Tokyo Research Laboratory

From: "Joseph M. Reagle Jr." <reagle@w3.org>@w3.org on 2001/03/30 04:15

Please respond to "Joseph M. Reagle Jr." <reagle@w3.org>

Sent by:  xml-encryption-request@w3.org

To:   Takeshi Imamura/Japan/IBM@IBMJP
cc:   "XML Encryption WG " <xml-encryption@w3.org>, Hiroshi
Subject:  Re: XML Encryption Data/Processing Model

At 19:33 3/29/2001 +0900, Takeshi Imamura wrote:
>The serialization is not so sensitive if only encryption is performed.
>However, that may not be true if both encryption and signature are
>performed on a document.  For example, suppose that a user signs and then
>encrypts a document, where he defines and uses his own serialization which
>does not preserve information set.  Another user will fail in verifying
>signature because the original document cannot be retrieved.  For such
>reason, I think we should define at least a serialization for information

Very good point, I added that to the text in that section. However, I don't
think the Infoset or DOM data models lack anything required by Canonical
XML. (The part of XPath data model used by Canonical XML is a subset of
DOM and Infoset, right?) Even if this is the case (doesn't necessitate the
use of Infoset or DOM), do you have a preference between the two?

Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
Received on Friday, 30 March 2001 04:22:20 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 23:13:02 UTC