Re: [xmlsec] Canonicalization question

2003-02-25 Thread Rich Salz 
If you message is going to be passed through different XML processors, 
it is safest to use XMLC14N, as this will "undo" any "damage" that might 
happen, such as xml->dom->xml conversions.
	/r$

___
xmlsec mailing list
[EMAIL PROTECTED]
http://www.aleksey.com/mailman/listinfo/xmlsec

Re: [xmlsec] Canonicalization question

2003-02-25 Thread Aleksey Sanin 
http://www.w3.org/TR/xmldsig-core/#sec-ReferenceProcessingModel:

The |Transforms| specified in this document are defined with respect to 
the input they require.
The following is the default signature application behavior:

   * If the data object is an octet stream and the next transform
 requires a node-set,
 the signature application MUST attempt to parse the octets
 yielding the required
 node-set via [XML ]
 well-formed processing.
   * If the data object is a node-set and the next transform requires
 octets, the signature
 application MUST attempt to convert the node-set to an octet
 stream using
 Canonical XML [XML-C14N
 ].




Which means that if you do not specify C14N then the default one would 
be used
when needed.

Aleksey





[EMAIL PROTECTED] wrote:

Hi Folks!

I would like to ask you a simple thing - should I canonicalize
all signed content before calculating the digest or not?
XML-DSIG says I should canonicalize  but
for verifying  -s XML-DSIG says just apply the Transform-s
and calculate the digest. So if a  contains a digest of some
block of xml data, should it be canonicalized or not?
Regards,

Veiko

___
xmlsec mailing list
[EMAIL PROTECTED]
http://www.aleksey.com/mailman/listinfo/xmlsec
 



___
xmlsec mailing list
[EMAIL PROTECTED]
http://www.aleksey.com/mailman/listinfo/xmlsec