[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Major backtracking on canonicalization

Greetings again. I gravely misunderstood XML Canonicalization, and as it has been explained to me now, XML Canonicalization would be a disaster for Atom: what we want is Exclusive XML Canonicalization. See <http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718/>.

What I didn't get was that in normal XML Canonicalization, the canonicalized version gets all the external definitions added as text; that doesn't happen in Exclusive XML Canonicalization. I thought that in normal XML Canonicalization, those definitions got assumed; I didn't realize that they got actually put in as text. Yuck.

(I cannot understand how the folks who put together XMLDigSig could allow normal XML Canonicalization to be even thought of, much less the only required form. What a mess.)

Now that I understand this better, I believe that our text should read:

[[ NEW ]]

   Section 6.5.1 of [W3C.REC-xmldsig-core-20020212] requires support
   for Canonical XML. However, many people believe that Canonical XML
   may be deprecated in the future, and many implementers do not use
   it because signed XML documents enclosed in other XML documents have
   their signatures broken. Thus, Atom Processors that verify signed
   Atom Documents MUST be able to canonicalize with Exclusive XML

Does anyone object to that?

--Paul Hoffman, Director
--Internet Mail Consortium