- From: by way of Joseph Reagle <merlin@baltimore.ie>
- Date: Tue, 16 Jul 2002 16:09:26 -0400
- To: xml-encryption@w3.org
r/reagle@w3.org/2002.07.16/12:45:04

>On Monday 15 July 2002 08:06 pm, merlin wrote:
>> C14n isn't necessarily right because it will not output entity
>> declarations. I was hoping to punt to the serialized form that X was
>> constructed from; but, of course, there may not have been an original
>> serialized form.
>>
>> Actually, that's a problem: Our defined wrapping (emit entity
>> declarations) cannot be implemented on DOM; DOM does not expose that
>> information. Is it really necessary? Could we assume/require that
>> serialized/encrypted XML does not use entity references and strip that
>> text from the spec? In that case, c14n would be fine, presuming that X
>> isn't a weird node-set, and life would be easier.
>
>I'm happy to constrain it in a well defined way. Regardless, X is
>supposed to be a node set corresponding to a serialized #Element or
>#Content, so I'm not expecting anything funky on that note. On the entity
>point, you're speaking of section 4.3.4, "If the parsing context contains
>any general entities, then emit a document type declaration that provides
>entity declarations declaring the entities." ?

I am speaking specifically of section 4.3.4; I would propose:

* Perhaps drop item 1. If no version is specified, the default is,
  I believe 1.0; we've already dropped the default UTF-8 encoding.
  C14n doesn't produce this either.

* Drop item 2.

* Drop the DOCTYPE (and XML declaration) from the two XML fragments.

To be honest, I would have no qualms about making these changes and
no other. If you feel text is necessary, then I would suggest that
4.3.3 simply notes that the serialization process should not emit
entity references as these may not be available during subsequent
parsing.

My main concern is simply that 4.3.4 cannot be implemented on DOM, and
we don't handle general entities anywhere else in the XML security
specs.

Merlin
Received on Tuesday, 16 July 2002 16:09:27 UTC
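
The serialization concern in this message, as an added example that is not part of the original thread or of the XML Encryption specification: a fragment serialized with an entity reference left in place cannot be re-parsed once its DTD context is gone, while a canonicalized fragment carries the expanded text and no DOCTYPE. It assumes Python's `xml.etree.ElementTree.canonicalize` (C14N 2.0) as a stand-in for the c14n discussed above; the document, the `co` entity and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the internal subset declares a general entity "co".
DOC = """<!DOCTYPE doc [<!ENTITY co "Example Corp">]>
<doc><secret owner="&co;">paid by &co; &amp; partners</secret></doc>"""

# Constructed fragment: the same element serialized with the entity
# reference preserved, i.e. the case that would need the entity
# declarations re-emitted before it could be parsed again.
RAW_FRAGMENT = '<secret owner="&co;">paid by &co; &amp; partners</secret>'


def c14n_fragment(document: str, tag: str) -> str:
    """Parse with the DTD present, then canonicalize one element.

    The parser expands &co; while building the tree, so the canonical
    output contains the replacement text and no document type declaration.
    """
    root = ET.fromstring(document)
    element = next(root.iter(tag))
    return ET.canonicalize(ET.tostring(element, encoding="unicode"))


def parses_standalone(fragment: str) -> bool:
    """True if the fragment parses without its original DTD context,
    which is the situation of the party decrypting it later."""
    try:
        ET.fromstring(fragment)
        return True
    except ET.ParseError:
        return False


if __name__ == "__main__":
    canonical = c14n_fragment(DOC, "secret")
    print("canonical form      :", canonical)
    print("raw fragment parses :", parses_standalone(RAW_FRAGMENT))
    print("canonical parses    :", parses_standalone(canonical))
```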