santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Scott Cantor" <canto...@osu.edu>
Subject RE: base64Binary, canonical form ?
Date Mon, 19 Dec 2005 14:47:07 GMT
> However, when experimenting with the (Java) Canonicalizer class, using
> the method ALGO_ID_C14N_EXCL_OMIT_COMMENTS, I see that it does include
> whitespace (using xmlsec-1.2.1).

XML c14n is not the same as schema c14n. The inclusive and exclusive c14n
specs do not specify that the resulting output is in schema c14n form, and
since they don't involve schema at all, they wouldn't know what the types
were in order to perform that step.

> Am I reading the spec incorrectly, or is this a bug in the 
> canonicalizer ?

You're confusing two specs.

Note that the implication of this is that you have to be very careful when
validating XML and then verifying signatures over it because of how parsers
work. Using data normalization while parsing can corrupt the signature, and
virtually every parser version has subtle differences in how they deal with
base64.

-- Scott


Mime
View raw message