Bob Wyman wrote:
James M Snell wrote:
I am becoming increasingly convinced that a c14n algorithm is
the *only* way to accomplish the goal here.
The need for C14N should never have been questioned. Where there are
signatures, there *must* be C14N (Canonicalization). In the absence of
explicitly defined C14N rules, the C14N algorithm is simply: "Leave it as it
is!" -- but that is rarely useful and is certainly not useful in the case of
Atom.
The only interesting question is "What is the C14N process for
Atom?" The question: "Is C14N required?" is rhetorical at best. The answer
is "Yes."
Well, yeah, obviously ;-) I was never questioning the need for c14n, I
was trying to figure out if some Atom specific c14n process is
required. Sorry if I wasn't being clear; it was based on the assumption
that we all already knew that some form of c14n was going to be
necessary no matter what.
The algorithm would recast the entry being signed as a standalone entity
with all appropriate namespace declarations, etc.
Precisely. It is also exceptionally important to ensure that a
source element be included in any signed entry in order to ensure that the
signed entry can be copied to other feeds without breaking the signature or
changing the semantics of the entry by allowing feed metadata from the
non-source feed to "bleed" into the entry.
Right. So what else is it going to need to do?
Given that I typically do not use any online aggregation services I'm
not sure if it is typical for such aggregators to insert metadata into
the entries they serve up?
bob wyman
