Richard Salz <[email protected]> wrote:
> I have some concerns about hashing XML without
> doing some kind of canonicalization first

Right. That's one of the sweet things about Salmon's Magic Signature
<http://salmon-protocol.googlecode.com/svn/trunk/draft-panzer-magicsig-00.html>
stuff. The idea is that you punt on canonicalizing the XML by just dumping it
into a base64 blob. You then sign the blob, not the XML. As a result, all the
canonicalization issues disappear and you've got a nice, easy to implement
signature method.

See the draft for details:
http://salmon-protocol.googlecode.com/svn/trunk/draft-panzer-magicsig-00.html

bob wyman

On Tue, May 4, 2010 at 4:40 PM, Richard Salz <[email protected]> wrote:
> I have some concerns about hashing XML without doing some kind of
> canonicalization first -- namely, will it work in practice? I don't know.
> If it does, great, c14n is generally expensive.
>
> We wrote a draft I-D on security processing for Atom nearly a year ago.
> Not much interest anywhere, but I still think it's pretty good. :)
>
> https://datatracker.ietf.org/idst/status.cgi?submission_id=17333
>
> /r$
>
> --
> STSM, WebSphere Appliance Architect
> https://www.ibm.com/developerworks/mydeveloperworks/blogs/soma/
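
The sign-the-blob idea from the reply above, as an added example that is not part of the original thread or of the Salmon draft. Assumptions: HMAC-SHA256 with a shared key stands in for the draft's signature algorithm, and the key, the envelope field names and the two sample Atom entries are constructed for illustration.

```python
import base64, hashlib, hmac

# Constructed sample: two serializations of the same logical Atom entry
# (attribute order and whitespace differ, as after a parse/re-serialize hop).
ENTRY_A = b'<entry xmlns="http://www.w3.org/2005/Atom" xml:lang="en"><title>hi</title></entry>'
ENTRY_B = b'<entry xml:lang="en" xmlns="http://www.w3.org/2005/Atom">\n  <title>hi</title>\n</entry>'

KEY = b"constructed-demo-key"  # assumption: shared key standing in for a real signing key


def raw_digest(xml: bytes) -> str:
    """Hash of the XML bytes as-is: the value that changes on re-serialization."""
    return hashlib.sha256(xml).hexdigest()


def make_envelope(xml: bytes, key: bytes) -> dict:
    """Encode the exact bytes as base64url, then sign the encoded blob."""
    blob = base64.urlsafe_b64encode(xml).decode("ascii")
    sig = hmac.new(key, blob.encode("ascii"), hashlib.sha256).hexdigest()
    return {"data": blob, "sig": sig}  # illustrative field names


def open_envelope(env: dict, key: bytes) -> bytes:
    """Verify the signature over the blob first; only then decode the XML."""
    expected = hmac.new(key, env["data"].encode("ascii"), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, env["sig"]):
        raise ValueError("signature mismatch")
    return base64.urlsafe_b64decode(env["data"])


def demo() -> dict:
    env = make_envelope(ENTRY_A, KEY)
    # Swapping in the re-serialized entry without re-signing must be rejected.
    forged = dict(env, data=base64.urlsafe_b64encode(ENTRY_B).decode("ascii"))
    try:
        open_envelope(forged, KEY)
        forged_ok = True
    except ValueError:
        forged_ok = False
    return {
        "raw_digests_match": raw_digest(ENTRY_A) == raw_digest(ENTRY_B),
        "roundtrip_exact": open_envelope(env, KEY) == ENTRY_A,
        "forged_accepted": forged_ok,
    }


if __name__ == "__main__":
    print(demo())
```

The verifier never parses XML before checking the signature, so it has nothing to canonicalize; the trade-off is that the blob must be carried byte-for-byte and the signed content is only readable after decoding.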
