- From: Takeshi Imamura <IMAMU@jp.ibm.com>
- Date: Fri, 26 Apr 2002 15:43:34 +0900
- To: reagle@w3.org
- Cc: Ari Kermaier <arik@phaos.com>, "Hiroshi Maruyama" <maruyama@jp.ibm.com>, xml-encryption@w3.org
>> 1. Convert X to an octet stream as described in The Reference >> Processing Model (section 4.3.3.2) of the XML Signature >> specification [XML-Signature]. >> >> <AK> Apply XML-C14N to node-set X defined above. </AK> > >Now that we have the option, is there any reason to use exc-14n instead of >c14n? Takeshi, Hiroshi ? I thought this and found that there is a case where exc-c14n does not work. Suppose that we have the following document: <a xmlns="ns1" xmlns:p="ns2"> <b>...</b> <p:c>...</p:c> </a> and then encrypt the <p:c> element. The document will be as follows: <a xmlns="ns1" xmlns:p="ns2"> <b>...</b> <EncryptedData xmlns="http://.../xmlenc#">...</EncryptedData> </a> Then, suppose that we provide the node-set corresponding to the document to the transform. If we use exc-c14n instead of c14n, we will have the following document: <a xmlns="ns1"> <b>...</b> <EncryptedData xmlns="http://.../xmlenc#">...</EncryptedData> </a> where it is noted that the namespace declaration attribute for ns2 is removed. Because of this, we should fail to parse the decrypted document. If I missed something, please let me know. Thanks, Takeshi IMAMURA Tokyo Research Laboratory IBM Research imamu@jp.ibm.com
Received on Friday, 26 April 2002 02:43:50 UTC