Re: Decryption Transform processing question

>>    1. Convert X to an octet stream as described in The Reference
>>       Processing Model (section of the XML Signature
>>       specification [XML-Signature].
>> <AK> Apply XML-C14N to node-set X defined above. </AK>
>Now that we have the option, is there any reason to use exc-14n instead of
>c14n? Takeshi, Hiroshi ?

I thought this and found that there is a case where exc-c14n does not work.
Suppose that we have the following document:

<a xmlns="ns1" xmlns:p="ns2">

and then encrypt the <p:c> element.  The document will be as follows:

<a xmlns="ns1" xmlns:p="ns2">
  <EncryptedData xmlns="http://.../xmlenc#">...</EncryptedData>

Then, suppose that we provide the node-set corresponding to the document to
the transform.  If we use exc-c14n instead of c14n, we will have the
following document:

<a xmlns="ns1">
  <EncryptedData xmlns="http://.../xmlenc#">...</EncryptedData>

where it is noted that the namespace declaration attribute for ns2 is
removed.  Because of this, we should fail to parse the decrypted document.
If I missed something, please let me know.

Tokyo Research Laboratory
IBM Research

Received on Friday, 26 April 2002 02:43:50 UTC