[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-ietf-xmldsig-xc14n-00.txt

To: Randy Bush <randy@psg.com>
Subject: Re: draft-ietf-xmldsig-xc14n-00.txt
From: "Steven M. Bellovin" <smb@research.att.com>
Date: Mon, 28 Apr 2003 22:16:41 -0400
Cc: iesg <iesg@ietf.org>
In-reply-to: Your message of "Mon, 28 Apr 2003 10:58:03 PDT." <E19ACtA-00040E-Df@roam.psg.com>

In message <E19ACtA-00040E-Df@roam.psg.com>, Randy Bush writes:
>well, smb asked me to review this one.  but i do not meet the
>condition stated in 1.0
>
>   An understanding of the Canonical XML Recommendation [XML-C14N]
>   is required.
>
>except s/understanding/reading/.  and i am on a plane, so can not
>dereference the w3.org urls.  so take my comments with a generous
>dipping of shoyu.
>
>1.3.1 demands non-imported namespaces be redeclared at apex nodes,
>or in the interpreting context.  i would think that, alternatively
>but maybe not deeply interestingly, they might be declared at
>orphans which are ancestors of all uses.
>
>3.1.3.4 is missing the verb clause.  i think it is likely that of
>3.1.3.3, i.e., render a default namespace declaration, xmlns="".
>
>the sec cons statements seem semantically correct and complete.
>whether you dislike the restriction in 5.2, esoteric cases,
>sufficiently to special case it would seem to depend on your
>willingness to get kinky to deal with non-well-formed xml.  i am
>not so willing.
>

I think, then, that my objections can be satisifed by s/must/MUST/ in
1.3(1) and (2).

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com (2nd edition of "Firewalls" book)

References:
- Re: draft-ietf-xmldsig-xc14n-00.txt
  - From: Randy Bush <randy@psg.com>

Prev by Date: PPVPN: next steps
Next by Date: Re: Evaluation: draft-ietf-ccamp-lmp - Link Management Protocol (LMP) to Proposed Standard
Previous by thread: Re: draft-ietf-xmldsig-xc14n-00.txt
Next by thread: draft-ietf-xmldsig-xc14n-00.txt
Index(es):
- Date
- Thread