xml-dev - Re: [xml-dev] md5sum / sha1sum for XML?

Re: [xml-dev] md5sum / sha1sum for XML?

[ Lists Home | Date Index | Thread Index ]

To: davep@dpawson.co.uk
Subject: Re: [xml-dev] md5sum / sha1sum for XML?
From: David Lyon <david.lyon@preisshare.net>
Date: Fri, 14 Jul 2006 07:20:04 +1000
Cc: xml-dev@lists.xml.org
In-reply-to: <1152809419.5850.25.camel@marge>
References: <OFAAABF139.1849EF6D-ON852571AA.0001AD69-852571AA.000A1CA0@us.ibm.com> <1152809419.5850.25.camel@marge>

Hi Dave,

I've come in at the tail end of the question, but I what is it you are
trying to achieve?

These days, if a xml document has been sent from A to B, using pretty
much any protocol, it would have gone through many many crc and
integrity checks. Each tcp/ip packet gets it - each file etc. Data
corruption is much less of an issue than it was ever was even since the
days of Kermit and x/zmodem.

Actually, when I think back, my grandfather used to lay telephone lines
across the country. Sometimes the phones would run over a wire fence. At
least there would be a signal. It wasn't crash hot.

He would replace them with proper phone lines.

Anyway, towards the end of his life, this goes back a few years now, I
remember him telling me, "Best way to fix that sort of problem now is
just install a satellite dish. What we did wouldn't be done anymore"

I thought I would just add that...  because I thought it was a funny but
true story. That was my grandfathers time. Things are different now.

I'm sure there are some modern communications facilities where you live?
what island are you living on? :-)

On Thu, 2006-07-13 at 17:50 +0100, Dave Pawson wrote:
> On Wed, 2006-07-12 at 21:50 -0400, Richard Salz wrote:
> > Actually, look at 'exclusive canonicalization.'  Interop shouldn't be a 
> > problem.  It's c14n modified to handle the case of embedding your payload 
> > within some other XML (e.g., SOAP).
> 
> Except that it's the ancestry that's of little interest Rich?
> 'applied to a subdocument, includes the subdocument's ancestor context
> including all of the namespace declarations and attributes in the "xml:"
> namespace.'
> 
> I'm transporting a document from server A to B.
> The wrapper is of import insofar as metadata is concerned.
> the 'payload' is my interest. 
> 
> I'm pretty convinced that md5sum (bit like me) is pretty old 'ish,
> 
>   I'm looking for the younger prettier replacement. 
> Does xml sig provide the reassurance that md5sum did?
> http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/#def-Integrity
> <quote>"The property that data has not been changed, destroyed, or lost
> in an unauthorized or accidental manner." [SEC] A simple checksum can
> provide integrity from incidental changes in the data; message
> authentication is similar but also protects against an active attack to
> alter the data whereby a change in the checksum is introduced so as to
> match the change in the data. </quote>
> 
> Seems to be about right?  digSig == md5sum for y21K?
> I want the metadata to include the magic signature,
> then the payload, as sent, and as verified by the author(ity) 
> and me (as cynic) at the receiving end?
> 
> Do we have implementations and experience that says it works?
> 
> 
>

References:
- Re: [xml-dev] md5sum / sha1sum for XML?
  - From: Richard Salz <rsalz@us.ibm.com>
- Re: [xml-dev] md5sum / sha1sum for XML?
  - From: Dave Pawson <davep@dpawson.co.uk>

Prev by Date: RE: [xml-dev] The Best Technologies Don't Win
Next by Date: RE: The Best Technologies Don't Win
Previous by thread: Re: [xml-dev] md5sum / sha1sum for XML?
Next by thread: Re: [xml-dev] md5sum / sha1sum for XML?
Index(es):
- Date
- Thread