Paul Hoffman wrote:
Unfortunately, the complexity of XML and the variety of contexts in
which it is used made it impossible for the XMLDSIG WG to come up
with one set of canonicalization rules that are "distinguished."
By distinguished, I mean that there is exactly one way to represent
the XML object. There are two canonicalization rule sets: the
Canonical XML and the Exclusive XML Canonicalization. Specify
which one is mandatory-to-implement.
Section 5 does not provide sufficient detail for interoperability.
To be added near the end of Section 5.1 of atompub-format:
Section 6.5.1 of [W3C.REC-xmldsig-core-20020212] requires support
for Canonical XML. Atom Processors that sign Atom Documents MUST
use Canonical XML.
Does this requirement restrict our ability to use exclusive c14n on
individually signed entries within a feed document? If so, that's a
definite problem.
- James
