santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jon Olav Linde" <Jon.Olav.Li...@beepscience.com>
Subject RE: base64Binary, canonical form ?
Date Mon, 19 Dec 2005 14:57:23 GMT

I see. That answers my question perfectly.
Thank you very much.

/Jon Olav

> -----Original Message-----
> From: Scott Cantor [mailto:cantor.2@osu.edu]
> Sent: 19. desember 2005 15:47
> To: security-dev@xml.apache.org
> Subject: RE: base64Binary, canonical form ?
>
>
> > However, when experimenting with the (Java) Canonicalizer class, using
> > the method ALGO_ID_C14N_EXCL_OMIT_COMMENTS, I see that it does include
> > whitespace (using xmlsec-1.2.1).
>
> XML c14n is not the same as schema c14n. The inclusive and exclusive c14n
> specs do not specify that the resulting output is in schema c14n form, and
> since they don't involve schema at all, they wouldn't know what the types
> were in order to perform that step.
>
> > Am I reading the spec incorrectly, or is this a bug in the
> > canonicalizer ?
>
> You're confusing two specs.
>
> Note that the implication of this is that you have to be very careful when
> validating XML and then verifying signatures over it because of
> how parsers
> work. Using data normalization while parsing can corrupt the
> signature, and
> virtually every parser version has subtle differences in how they
> deal with
> base64.
>
> -- Scott


Mime
View raw message