- From: Takeshi Imamura <IMAMU@jp.ibm.com>
- Date: Fri, 26 Oct 2001 12:04:12 +0900
- To: reagle@w3.org, bdournaee@rsasecurity.com
- Cc: xml-encryption@w3.org

Joseph,

>Technically speaking, I'd argue they are *not* in conflict. 4.1 says to
>serialize, and 5.9 says one of those ways to serialize is c14n. However, I
>do agree with you that it makes one wonder when one should use c14n. I
>don't think anything in xenc requires c14n. If you need to c14n, it would
>relate to integration with xmldsig. Based on my email [1] with Takeshi
>regarding the Decryption Transform, it might not even be needed there.
>
>So Takeshi, where does one use c14n when used with xmldsig, and should we
>say it is recommended at all?

The c14n is useful in a case, for example, where the outer context of the fragment which was signed and then encrypted may be changed. Otherwise the validation of the signature over the fragment may fail because c14n may include unnecessary namespaces into the fragment. In this case, the decryption transform does not help. So I think that c14n should be recommended.

Thanks,
Takeshi IMAMURA
Tokyo Research Laboratory
IBM Research
imamu@jp.ibm.com

Received on Thursday, 25 October 2001 23:04:44 UTC
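
The failure mode described in the message above, as an added Python illustration (not code from the thread or from any specification): a simplified model, not a conformant Canonical XML implementation, of how a digest over a fragment changes when ancestor namespace declarations are pulled into it. The sample documents, the `urn:example:*` namespaces and the function names are constructed for this example.

```python
import hashlib
from xml.dom import minidom

# Constructed samples: the same signed fragment moved to a different outer context.
CARD = ('<pay:Card xmlns:pay="urn:example:pay">'
        '<pay:Number>4111</pay:Number></pay:Card>')
ORIGINAL = f'<env:Envelope xmlns:env="urn:example:env">{CARD}</env:Envelope>'
REWRAPPED = (f'<m:Message xmlns:m="urn:example:msg" '
             f'xmlns:log="urn:example:log">{CARD}</m:Message>')


def namespaces_in_scope(element, inherit=True):
    """Collect xmlns declarations seen from element; the nearest one wins."""
    scope, node = {}, element
    while node is not None and node.nodeType == node.ELEMENT_NODE:
        for i in range(node.attributes.length):
            attr = node.attributes.item(i)
            if attr.name == "xmlns" or attr.name.startswith("xmlns:"):
                scope.setdefault(attr.name, attr.value)
        node = node.parentNode if inherit else None
    return scope


def fragment_digest(document_text, tag="pay:Card", inherit=True):
    """SHA-256 over a simplified serialization of the fragment.

    inherit=True models a canonicalization that renders every namespace in
    scope at the fragment's top element, including those of its ancestors.
    The sample fragment has no ordinary attributes, so none are emitted.
    """
    fragment = minidom.parseString(document_text).getElementsByTagName(tag)[0]
    scope = namespaces_in_scope(fragment, inherit)
    decls = "".join(f' {name}="{value}"' for name, value in sorted(scope.items()))
    inner = "".join(child.toxml() for child in fragment.childNodes)
    octets = f"<{tag}{decls}>{inner}</{tag}>".encode("utf-8")
    return hashlib.sha256(octets).hexdigest()


if __name__ == "__main__":
    for label, doc in (("original ", ORIGINAL), ("rewrapped", REWRAPPED)):
        print(label, "inherited:", fragment_digest(doc)[:16],
              "own only:", fragment_digest(doc, inherit=False)[:16])
```

With inherited declarations the two digests differ although the fragment itself is byte-identical; with only the fragment's own declarations they match, which isolates the outer context as the cause.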