James M Snell wrote:
> I am becoming increasingly convinced that a c14n algorithm is
> the *only* way to accomplish the goal here.
        The need for C14N should never have been questioned. Where there are
signatures, there *must* be C14N (Canonicalization). In the absence of
explicitly defined C14N rules, the C14N algorithm is simply: "Leave it as it
is!" -- but that is rarely useful and is certainly not useful in the case of
Atom.
        The only interesting question is "What is the C14N process for
Atom?" The question: "Is C14N required?" is rhetorical at best. The answer
is "Yes."

> The algorithm would recast the entry being signed as a standalone entity
> with all appropriate namespace declarations, etc.
        Precisely. It is also exceptionally important to ensure that a
source element be included in any signed entry in order to ensure that the
signed entry can be copied to other feeds without breaking the signature or
changing the semantics of the entry by allowing feed metadata from the
non-source feed to "bleed" into the entry.

                bob wyman
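
An added sketch of the recasting discussed in this thread (not code from either poster or from any Atom specification): the entry is detached from its feed, given an atom:source if it lacks one, and canonicalized before hashing. Assumptions: the sample feeds are constructed, `standalone_entry` and `signing_digest` are hypothetical helpers, Python's C14N 2.0 with prefix rewriting stands in for whatever Atom-specific rules would be defined, and the synthesized source carries the feed's id, title and updated.

```python
import copy
import hashlib
import xml.etree.ElementTree as ET

ATOM = "http://www.w3.org/2005/Atom"

# Constructed sample: the entry as first published (default namespace, no atom:source).
ORIGIN_FEED = """<feed xmlns="http://www.w3.org/2005/Atom">
  <id>urn:example:origin</id><title>Origin Feed</title>
  <updated>2005-06-01T00:00:00Z</updated>
  <entry><id>urn:example:entry-1</id><title>Hello</title>
    <updated>2005-06-01T00:00:00Z</updated></entry>
</feed>"""

# Constructed sample: the same entry copied into another feed (prefixed namespace).
AGGREGATE_FEED = """<a:feed xmlns:a="http://www.w3.org/2005/Atom">
  <a:id>urn:example:planet</a:id><a:title>Planet Aggregator</a:title>
  <a:updated>2005-06-02T00:00:00Z</a:updated>
  <a:entry><a:id>urn:example:entry-1</a:id><a:title>Hello</a:title>
    <a:updated>2005-06-01T00:00:00Z</a:updated>
    <a:source><a:id>urn:example:origin</a:id><a:title>Origin Feed</a:title>
      <a:updated>2005-06-01T00:00:00Z</a:updated></a:source>
  </a:entry>
</a:feed>"""


def standalone_entry(feed_xml: str) -> str:
    """Return the first entry as a canonical standalone document (hypothetical helper)."""
    feed = ET.fromstring(feed_xml)
    entry = copy.deepcopy(feed.find(f"{{{ATOM}}}entry"))
    entry.tail = None  # drop whitespace that belonged to the enclosing feed
    if entry.find(f"{{{ATOM}}}source") is None:
        # Assumption: pin the originating feed's metadata inside the entry before signing.
        source = ET.SubElement(entry, f"{{{ATOM}}}source")
        for name in ("id", "title", "updated"):
            source.append(copy.deepcopy(feed.find(f"{{{ATOM}}}{name}")))
    # Serialising the detached element re-declares its namespaces on the entry itself.
    xml = ET.tostring(entry, encoding="unicode")
    return ET.canonicalize(xml, strip_text=True, rewrite_prefixes=True)


def signing_digest(feed_xml: str) -> str:
    """SHA-256 over the canonical entry: the bytes a signature would cover."""
    return hashlib.sha256(standalone_entry(feed_xml).encode("utf-8")).hexdigest()


if __name__ == "__main__":
    print(signing_digest(ORIGIN_FEED) == signing_digest(AGGREGATE_FEED))
```

The two digests match even though the copies differ in namespace prefix, whitespace and enclosing feed, and the aggregating feed's own title never enters the signed bytes.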

