Cart
[Home] [By Thread] [By Date] [Recent Entries]
Aren't documents automatically canonicalised before the signature is generated?
If not, then why is the canonicalisation method included as part of the
signature information?
Cheers,
Tony.
========
Anthony B. Coates
Leader of XML Architecture & Design
Chief Technology Office
Reuters Plc, London.
tony.coates@r...
========
On 04/04/2001 10:54:08 Paul Spencer wrote:
>You need to differentiate between the meaning of the document and the
>lexical representation. The signature works at the lexical level, so
>everything is significant. This includes, for example, whether you use
>single or double quotes round attribute values. The simple answer is
>therefore that you cannot do *any* manipulation of the data. Even reading a
>document into a DOM where part of the document is signed, manipulating the
>unsigned part, then writing it back could invalidate the signature as the
>DOM processing will not preserve the lexical aspects of the document.
>
>That is the bad news. The good news is canonicalization (c14n). By putting
>the document into a standard canonicalized form before signing it, you can
>manipulate the document later and put it back into the same canonicalized
>form. Depending on what you have been doing to the document in the meantime,
>this should preserve the validity of the signature. The W3C has a c14n REC
>http://www.w3.org/TR/xml-c14n.
-----------------------------------------------------------------
Visit our Internet site at http://www.reuters.com
Any views expressed in this message are those of the individual
sender, except where the sender specifically states them to be
the views of Reuters Ltd.
|
