OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] md5sum / sha1sum for XML?

[ Lists Home | Date Index | Thread Index ]

Hi Dave,

I've come in at the tail end of the question, but I what is it you are
trying to achieve?

These days, if a xml document has been sent from A to B, using pretty
much any protocol, it would have gone through many many crc and
integrity checks. Each tcp/ip packet gets it - each file etc. Data
corruption is much less of an issue than it was ever was even since the
days of Kermit and x/zmodem.

Actually, when I think back, my grandfather used to lay telephone lines
across the country. Sometimes the phones would run over a wire fence. At
least there would be a signal. It wasn't crash hot.

He would replace them with proper phone lines.

Anyway, towards the end of his life, this goes back a few years now, I
remember him telling me, "Best way to fix that sort of problem now is
just install a satellite dish. What we did wouldn't be done anymore"

I thought I would just add that...  because I thought it was a funny but
true story. That was my grandfathers time. Things are different now.

I'm sure there are some modern communications facilities where you live?
what island are you living on? :-)

On Thu, 2006-07-13 at 17:50 +0100, Dave Pawson wrote:
> On Wed, 2006-07-12 at 21:50 -0400, Richard Salz wrote:
> > Actually, look at 'exclusive canonicalization.'  Interop shouldn't be a 
> > problem.  It's c14n modified to handle the case of embedding your payload 
> > within some other XML (e.g., SOAP).
> Except that it's the ancestry that's of little interest Rich?
> 'applied to a subdocument, includes the subdocument's ancestor context
> including all of the namespace declarations and attributes in the "xml:"
> namespace.'
> I'm transporting a document from server A to B.
> The wrapper is of import insofar as metadata is concerned.
> the 'payload' is my interest. 
> I'm pretty convinced that md5sum (bit like me) is pretty old 'ish,
>   I'm looking for the younger prettier replacement. 
> Does xml sig provide the reassurance that md5sum did?
> http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/#def-Integrity
> <quote>"The property that data has not been changed, destroyed, or lost
> in an unauthorized or accidental manner." [SEC] A simple checksum can
> provide integrity from incidental changes in the data; message
> authentication is similar but also protects against an active attack to
> alter the data whereby a change in the checksum is introduced so as to
> match the change in the data. </quote>
> Seems to be about right?  digSig == md5sum for y21K?
> I want the metadata to include the magic signature,
> then the payload, as sent, and as verified by the author(ity) 
> and me (as cynic) at the receiving end?
> Do we have implementations and experience that says it works?


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS