RE: DSig & DOM & Databases





Aren't documents automatically canonicalised before the signature is generated?
If not, then why is the canonicalisation method included as part of the
signature information?

     Cheers,
          Tony.
========
Anthony B. Coates
Leader of XML Architecture & Design
Chief Technology Office
Reuters Plc, London.
tony.coates@reuters.com
========

On 04/04/2001 10:54:08 Paul Spencer wrote:

>You need to differentiate between the meaning of the document and the
>lexical representation. The signature works at the lexical level, so
>everything is significant. This includes, for example, whether you use
>single or double quotes round attribute values. The simple answer is
>therefore that you cannot do *any* manipulation of the data. Even reading a
>document into a DOM where part of the document is signed, manipulating the
>unsigned part, then writing it back could invalidate the signature as the
>DOM processing will not preserve the lexical aspects of the document.
>
>That is the bad news. The good news is canonicalization (c14n). By putting
>the document into a standard canonicalized form before signing it, you can
>manipulate the document later and put it back into the same canonicalized
>form. Depending on what you have been doing to the document in the meantime,
>this should preserve the validity of the signature. The W3C has a c14n REC
>http://www.w3.org/TR/xml-c14n.


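The lexical sensitivity and the canonicalization remedy discussed in this thread, as an added example that is not part of either message. It assumes Python's `xml.etree.ElementTree.canonicalize`, which implements C14N 2.0 rather than the 1.0 REC linked above, and uses an HMAC as a stand-in for the signature; the document, key and function names are constructed for illustration.

```python
import hashlib
import hmac
from xml.dom import minidom
from xml.etree.ElementTree import canonicalize  # C14N 2.0, Python 3.8+

KEY = b"constructed-demo-key"  # constructed; stands in for a real signing key

# Constructed sample: single-quoted attributes, empty-element tag.
ORIGINAL = ("<order id='42' currency='GBP'>"
            "<item sku='A1'/><note>pay on receipt</note></order>")
# Same document with one value changed (a real content change).
TAMPERED = ORIGINAL.replace("id='42'", "id='43'")


def mac_raw(xml_text):
    """MAC over the exact bytes: every lexical detail is significant."""
    return hmac.new(KEY, xml_text.encode("utf-8"), hashlib.sha256).hexdigest()


def mac_c14n(xml_text):
    """MAC over the canonical form: quoting, attribute order and
    empty-element syntax are normalised before the bytes are hashed."""
    canonical = canonicalize(xml_text)
    return hmac.new(KEY, canonical.encode("utf-8"), hashlib.sha256).hexdigest()


def dom_round_trip(xml_text):
    """Read the document into a DOM and write it back unchanged.
    The serializer picks its own quoting, so the bytes differ."""
    return minidom.parseString(xml_text).documentElement.toxml()


def verify(xml_text, expected_mac, mac_fn):
    """Constant-time comparison of a stored MAC against a recomputed one."""
    return hmac.compare_digest(mac_fn(xml_text), expected_mac)


if __name__ == "__main__":
    reserialized = dom_round_trip(ORIGINAL)
    print("after DOM round trip:", reserialized)
    print("canonical form      :", canonicalize(ORIGINAL))
    print("raw MAC survives round trip  :",
          verify(reserialized, mac_raw(ORIGINAL), mac_raw))
    print("c14n MAC survives round trip :",
          verify(reserialized, mac_c14n(ORIGINAL), mac_c14n))
    print("c14n MAC accepts tampered doc:",
          verify(TAMPERED, mac_c14n(ORIGINAL), mac_c14n))
```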