Lists Home |
Date Index |
- From: David Megginson <firstname.lastname@example.org>
- To: Chris Smith <email@example.com>
- Date: Thu, 11 Dec 1997 06:34:08 -0500
Chris Smith writes:
> There are two questions at hand, largely directed at those creating
> parsers. I'd like to know if the application requirements we are
> proposing ("what to do with the document") are going to be incredibly
> difficult to manage, given what the parsers are providing. I confess
> I'm just getting started here - I will get to investigating the
> various parsers. For now the questions may be useful anyway.
> The first criteria is that message authentication is applied to an
> element in the document. This is a start to precisely defining what is
> being checked. The second criteria is that the message authentication
> must be applied to the XML document as represented in UTF-16 encoding,
> with big-endian convention, AS IT IS WRITTEN. This is to prevent us
> having to specify a consistent *internal* representation. The XML spec
> itself helps define a consistent *external* representation, which we
> figure is easier to stick with than dealing with all the
> cross-platform issues. The question: can this readily be dealt with?
> Is it straight-forward to ask for MessageAuthentication over
> <element>...</element>, with all the content included?
It would be possible to use a parser to do authentication by
generating checksums based on a normalised version of each element,
but not to do it based on the external representation. Right now,
parsers must report whitespace in mixed content and sort-of report it
in element content (yech). There is no requirement to report
whitespace within markup, however.
As a result, parsers are very unlikely to report any difference
between the following two examples (assuming that the "idrefs"
attribute is declared as IDREFS in the DTD):
<link idrefs="foo bar">This is a link.</link>
idrefs = "foo
bar">This is a link.</link>
There are many other problems too, include comments, whitespace
outside of the document element, etc., etc.
I'd recommend that you do your checksum validation on any files that
you have transmitted _before_ you parse them; that way, you can use
existing software (it doesn't have to be XML-aware).
All the best,
David Megginson firstname.lastname@example.org
Microstar Software Ltd. email@example.com
xml-dev: A list for W3C XML Developers. To post, mailto:firstname.lastname@example.org
Archived as: http://www.lists.ic.ac.uk/hypermail/xml-dev/
To (un)subscribe, mailto:email@example.com the following message;
To subscribe to the digests, mailto:firstname.lastname@example.org the following message;
List coordinator, Henry Rzepa (mailto:email@example.com)