Re: Decryption Transform processing question

>>> I am speaking specifically of section 4.3.4; I would propose:
>>>
>>> * Perhaps drop item 1. If no version is specified, the
>>>   default is, I believe 1.0; we've already dropped the
>>>   default UTF-8 encoding. C14n doesn't produce this either.
>>> * Drop item 2.
>>> * Drop the DOCTYPE (and XML declaration) from the two XML fragments.
>>>
>>> To be honest, I would have no qualms about making these changes
>>> and no other. If you feel text is necessary, then I would suggest
>>> that 4.3.3 simply notes that the serialization process should not
>>> emit entity references as these may not be available during
>>> subsequent parsing.
>>>
>>> My main concern is simply that 4.3.4 cannot be implemented on DOM,
>>> and we don't handle general entities anywhere else in the XML
>>> security specs.
>>
>>I believe in parallel messages Takeshi is indicating that the changes are

>>not necessary (at least for his implementation) [1] and some text noting
>>that care should be used "when emitting entity references" [2]. However,
to
>>be clear, perhaps Takeshi could reply specifically to your points and
>>propose then (depending on how they are addressed) text on the emitting
>>entity references.
>
>I think it boils down to how the DOM spec[1] is to be
>interpreted. I'm happy to leave our text as-is, if it is
>reasonable to assume that all DOM implementations must provide
>entity declaration information. Otherwise, our text seems like
>a potentially unreasonable requirement. I don't consider this
>a terribly important issue; I just happened across that part
>of the DOM spec and it struck me as a potential problem.

I'm not sure whether such an assumption is reasonable, but given the fact
that our processing rule allows an application to perform serialization and
hence we cannot avoid that some entity references are included, I think
that if entity declaration information is available, we should care about
entity declarations.  If we do so, all we have to do is, as you proposed,
to drop item 1 from the process and an XML declaration from an example in
Section 4.3.4.

By the way, it seems that the draft does not contain any description about
"parsing context".  Shouldn't we add it, possibly to Section 4.3.1?

Thanks,
Takeshi IMAMURA
Tokyo Research Laboratory
IBM Research
imamu@jp.ibm.com

Received on Thursday, 18 July 2002 00:38:40 UTC