- From: Joseph Reagle <reagle@w3.org>
- Date: Wed, 17 Jul 2002 11:29:28 -0400
- To: merlin <merlin@baltimore.ie>, "Takeshi Imamura" <IMAMU@jp.ibm.com>
- Cc: xml-encryption@w3.org
On Tuesday 16 July 2002 04:09 pm, merlin wrote: > I am speaking specifically of section 4.3.4; I would propose: > > * Perhaps drop item 1. If no version is specified, the > default is, I believe 1.0; we've already dropped the > default UTF-8 encoding. C14n doesn't produce this either. > * Drop item 2. > * Drop the DOCTYPE (and XML declaration) from the two XML fragments. > > To be honest, I would have no qualms about making these changes > and no other. If you feel text is necessary, then I would suggest > that 4.3.3 simply notes that the serialization process should not > emit entity references as these may not be available during > subsequent parsing. > > My main concern is simply that 4.3.4 cannot be implemented on DOM, > and we don't handle general entities anywhere else in the XML > security specs. I believe in parallel messages Takeshi is indicating that the changes are not necessary (at least for his implementation) [1] and some text noting that care should be used "when emitting entity references" [2]. However, to be clear, perhaps Takeshi could reply specifically to your points and propose then (depending on how they are addressed) text on the emitting entity references. [1] http://lists.w3.org/Archives/Public/xml-encryption/2002Jul/0019.html [2] http://lists.w3.org/Archives/Public/xml-encryption/2002Jul/0020.html
Received on Wednesday, 17 July 2002 11:29:46 UTC