- From: Joseph Reagle <reagle@w3.org>
- Date: Mon, 18 Mar 2002 15:11:34 -0500
- To: merlin <merlin@baltimore.ie>
- Cc: xml-encryption@w3.org, duerst@w3.org
On Thursday 14 March 2002 17:24, merlin wrote:
> If xmldsig (by virtue of c14n) requires that NFC conversion be
> done by the application's XML processor, it seems appropriate
> that xmlenc place the requirement at the same place. Otherwise,
> use of the two specs together isn't completely consistent.

I think you are correct about symmetry... XMLDSIG says that it RECOMMENDS all serializations use NFC and states that the two that it specifies DO:

http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/#sec-c14nAlg
    Various canonicalization algorithms transcode from a non-Unicode
    encoding to Unicode. The two algorithms below perform text
    normalization during transcoding [NFC, NFC-Corrigendum]. We
    RECOMMEND that externally specified canonicalization algorithms
    do the same.

Furthermore:

http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/#sec-See
    All documents operated upon and generated by signature
    applications MUST be in [NFC, NFC-Corrigendum] (otherwise
    intermediate processors might unintentionally break the signature)

> I wonder could we rephrase XML encryption similarly to c14n:
>
> 1. If the data is an 'element' [XML, section 3] or element
> 'content' [XML, section 3.1], obtain the octets by serializing the
> data in UTF-8 as specified in [XML]. Serialization MAY be done by
> the encryptor. If the encryptor does not serialize, then the
> application MUST perform the serialization. The XML processor used
> to prepare the XML data is REQUIRED to use Unicode Normalization Form C
> [NFC, NFC-Corrigendum] when converting an XML document to the UCS
> character domain from any encoding that is not UCS-based (currently,
> UCS-based encodings include UTF-8, UTF-16, UTF-16BE, and UTF-16LE, UCS-2,
> and UCS-4).

However, I'm not sure what is meant by this... What do you mean by "XML processor"? We've defined an application and encryptor. Either the *application* or the *encryptor* serializes the data; if they do so, they would have to use NFC, right, particularly if it's signed?

--
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Received on Monday, 18 March 2002 15:11:38 UTC
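
The failure the quoted XMLDSIG text warns about, and the transcoding rule in the quoted proposal, as an added Python example that is not part of the original message or of either specification. The function names, the use of SHA-256 as the digest, and the windows-1258 sample document are assumptions made for illustration.

```python
import codecs
import hashlib
import unicodedata

# UCS-based encodings from the quoted proposal, as Python codec names
# (Python has no separate UCS-2 codec; utf-32 stands in for UCS-4).
UCS_BASED = {"utf-8", "utf-16", "utf-16-be", "utf-16-le", "utf-32"}

def transcode(raw: bytes, encoding: str, apply_nfc: bool = True) -> str:
    """Convert document bytes to the UCS character domain.

    NFC is applied only when the source encoding is not UCS-based,
    which is the condition stated in the quoted proposal.
    """
    text = raw.decode(encoding)
    if apply_nfc and codecs.lookup(encoding).name not in UCS_BASED:
        text = unicodedata.normalize("NFC", text)
    return text

def serialize(text: str) -> bytes:
    """Octets handed to the digest or the encryptor: UTF-8."""
    return text.encode("utf-8")

def digest(octets: bytes) -> str:
    # SHA-256 is an assumption here; any digest shows the same effect.
    return hashlib.sha256(octets).hexdigest()

def survives_intermediate_nfc(octets: bytes) -> bool:
    """True if an intermediate processor that re-normalizes to NFC
    leaves the digest over the octets unchanged."""
    renormalized = unicodedata.normalize("NFC", octets.decode("utf-8"))
    return digest(serialize(renormalized)) == digest(octets)

# Constructed sample: windows-1258 stores Vietnamese tone marks as
# combining characters, so plain transcoding yields non-NFC text.
LEGACY_DOC = "<name>Vi\u00ea\u0323t</name>".encode("cp1258")

if __name__ == "__main__":
    for nfc in (True, False):
        octets = serialize(transcode(LEGACY_DOC, "cp1258", apply_nfc=nfc))
        print(f"NFC on transcode={nfc}: {len(octets)} octets,",
              "digest stable" if survives_intermediate_nfc(octets)
              else "digest BROKEN by later normalization")
```

Whichever party serializes, the octets that are digested or encrypted only stay stable across later processors if NFC was applied at the transcoding step.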