> As for normalization due to schema validation, I was under the impression > that normalization done during schema validation is "virtual" and doesn't > actually modify the actual bytes.
That's false. The parser will normalize the actual text nodes when it builds the DOM, and it is those text nodes (not the original document's text) that are fed into the c14n process. This is because XML Schema sets the whiteSpace facet to "collapse" for that data type. Turning off normalization bypasses the processing of that facet. OTOH, I may be wrong, but I think that the XML linefeed handling is actually done before any of the digesting happens when the input is an XML node set, as opposed to an octet stream, so that for enveloped signatures, it doesn't break anything no matter what the base64 looked like. It's the schema step that breaks. I think there may be some errata to XML Schema that related to base64 handling, but I'm not sure if it affects any of this. I think not. -- Scott
