Return-Path: Delivered-To: apmail-santuario-dev-archive@www.apache.org Received: (qmail 83428 invoked from network); 7 Apr 2011 00:29:09 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 7 Apr 2011 00:29:09 -0000 Received: (qmail 72199 invoked by uid 500); 7 Apr 2011 00:29:09 -0000 Delivered-To: apmail-santuario-dev-archive@santuario.apache.org Received: (qmail 72158 invoked by uid 500); 7 Apr 2011 00:29:09 -0000 Mailing-List: contact dev-help@santuario.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@santuario.apache.org Delivered-To: mailing list dev@santuario.apache.org Received: (qmail 72149 invoked by uid 99); 7 Apr 2011 00:29:09 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 07 Apr 2011 00:29:09 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of david.wall@yozons.com designates 67.192.241.191 as permitted sender) Received: from [67.192.241.191] (HELO smtp191.dfw.emailsrvr.com) (67.192.241.191) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 07 Apr 2011 00:29:01 +0000 Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp19.relay.dfw1a.emailsrvr.com (SMTP Server) with ESMTP id 9EF7C3C829C for ; Wed, 6 Apr 2011 20:28:40 -0400 (EDT) X-Virus-Scanned: OK Received: by smtp19.relay.dfw1a.emailsrvr.com (Authenticated sender: david.wall-AT-yozons.com) with ESMTPSA id 68D613C8285 for ; Wed, 6 Apr 2011 20:28:40 -0400 (EDT) Message-ID: <4D9D0535.4090707@yozons.com> Date: Wed, 06 Apr 2011 17:28:37 -0700 From: David Wall Organization: Yozons Inc. User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.15) Gecko/20110303 Thunderbird/3.1.9 MIME-Version: 1.0 To: dev@santuario.apache.org Subject: Re: Issue in Verifying Signing References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org On 4/6/2011 5:01 PM, Cantor, Scott E. wrote: > The advice from the other poster was > correct, you should be using Enveloped followed by Excl C14N, period. Does this mean CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS or INCLUSIVE shouldn't be used? Seems like all the examples online show the inclusive with comments. Just EXCLUSIVE? What about EXCLUSIVE_WITH_COMMENTS? Just checking on best practice for those who don't do these much... In our case, comments are fine though rarely used, but I'm not really sure about the Inclusive/Exclusive option's implications. David