Anne & Lynn Wheeler <[EMAIL PROTECTED]> writes:

>the problem was that xml didn't have a deterministic definition for encoding
>fields.

Yup, see "Why XML Security is Broken",
http://www.cs.auckland.ac.nz/~pgut001/pubs/xmlsec.txt, for more on this.  Mind
you ASN.1 is little better, there are rules for deterministic encoding, but so
many things get them wrong that experience has shown the only safe way to
handle it is to do an exact bit-for-bit copy from A to B, rather than trying
to re-code at any point.  I've frequently commented that there is only one
workable rule for encoding objects like X.500 DNs, and that's memcpy().

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to