Vishal Mahajan wrote:

Berin, like I said in my previous message, what if the canonicalization is not required to be performed? E.g., consider the following example ds:Reference:

<Reference URI="#Body">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>+L4ikk2zCUa0G8wTXVwXzF37GSQ=</DigestValue>
</Reference>

My apologies - I didn't quite read your e-mail properly.


Canonicalisation is required in all cases where a node set is to be digested, or input to a new serial transform (e.g. parsed).

So in the above case, canonicalisation is required by the spec. It's not explicitly listed as a transform, because it doesn't have to be. The fact a reference to the local document is made implies that a node set is returned. To make that node set an octet stream input to the hashing function, you are required to canonicalise.

There are cases where canonicalisation is not required, but they tend to be where the document reference is external. So something like:

<Reference URI="http://www.wingsofhermes.org/test.html">
 <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
 <DigestValue>b64encodedValue</DigestValue>
</Reference>

wouldn't require it, and to be honest I am not sure whether the library cascades namespaces in that case. (But if it does, it shouldn't :>.)

Cheers,
        Berin
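
An added illustration of the point in the reply above (not part of the original message and not the library's code): a same-document reference is digested over the canonical octets of the selected node, while an external reference with no transforms is digested over the fetched bytes as they are. Assumptions: the sample documents are constructed, the `Id` attribute lookup is a simplification of ID resolution, and Python's standard-library C14N 2.0 stands in for the Canonical XML 1.0 that XML-DSig implies (the two agree on this namespace-free sample).

```python
import base64
import hashlib
from xml.etree import ElementTree as ET

# Constructed samples: the same <Body> element serialised two ways
# (attribute order, quote style and empty-element form differ).
DOC_A = b'<Envelope><Body Id="Body" kind="order"><Item qty="1" sku="A7"/></Body></Envelope>'
DOC_B = b"<Envelope><Body kind='order' Id='Body' ><Item sku='A7' qty='1'></Item></Body></Envelope>"


def b64_sha1(octets: bytes) -> str:
    """Base64 of the SHA-1 digest, the form carried in ds:DigestValue."""
    return base64.b64encode(hashlib.sha1(octets).digest()).decode("ascii")


def canonical_octets(doc: bytes, uri: str) -> bytes:
    """Resolve URI="#id" to an element and return its canonical octets."""
    if not uri.startswith("#"):
        raise ValueError("not a same-document reference: " + uri)
    ident = uri[1:]
    # Assumption: the target is found by an attribute literally named "Id".
    for node in ET.fromstring(doc).iter():
        if node.get("Id") == ident:
            # Stand-in canonicaliser: stdlib C14N 2.0 (Python 3.8+).
            text = ET.canonicalize(ET.tostring(node, encoding="unicode"))
            return text.encode("utf-8")
    raise LookupError("no element with Id=" + ident)


def digest_same_document(doc: bytes, uri: str) -> str:
    """Node set -> implied canonicalisation -> octets -> digest."""
    return b64_sha1(canonical_octets(doc, uri))


def digest_external(octets: bytes) -> str:
    """External reference, no transforms: hash the bytes as received."""
    return b64_sha1(octets)


if __name__ == "__main__":
    print("canonical form :", canonical_octets(DOC_B, "#Body").decode())
    print("same-doc  A / B:", digest_same_document(DOC_A, "#Body"),
          digest_same_document(DOC_B, "#Body"))
    print("raw bytes A / B:", digest_external(DOC_A), digest_external(DOC_B))
```

The two same-document digests match because both serialisations reduce to one canonical form; the raw-byte digests differ, which is why a verifier that skips the implied canonicalisation rejects signatures over re-serialised but otherwise unchanged content.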
