Greetings again. I gravely misunderstood XML Canonicalization, and as it has been explained to me now, XML Canonicalization would be a disaster for Atom: what we want is Exclusive XML Canonicalization. See <http://www.w3.org/TR/2002/REC-xml-exc-c14n-20020718/>.
What I didn't get was that in normal XML Canonicalization, the canonicalized version gets all the external definitions added as text; that doesn't happen in Exclusive XML Canonicalization. I thought that in normal XML Canonicalization, those definitions got assumed; I didn't realize that they got actually put in as text. Yuck.
(I cannot understand how the folks who put together XMLDigSig could allow normal XML Canonicalization to be even thought of, much less the only required form. What a mess.)
Now that I understand this better, I believe that our text should read: [[ NEW ]] Section 6.5.1 of [W3C.REC-xmldsig-core-20020212] requires support for Canonical XML. However, many people believe that Canonical XML may be deprecated in the future, and many implementers do not use it because signed XML documents enclosed in other XML documents have their signatures broken. Thus, Atom Processors that verify signed Atom Documents MUST be able to canonicalize with Exclusive XML Canonicalization. Does anyone object to that? --Paul Hoffman, Director --Internet Mail Consortium
