IMO, for encryption serialization CDATA shall be serialized as CDATA element without Entity conversion. Otherwise it may give problems when we first sign that element, then encrypt it. In addition CDATA implies a "preserve space" behavior. Is that true for standard Text nodes too?
Having problems with network, and it distracted me. I meant to ask a question on the first part.
If we were to go down the canonicalisation path for serialisation, we would loose CDATA sections as you quite rightly point out. This won't be a problem for signatures, as they are removed anyway, but I'd be interested in whether you see any other problems we might run into.
Cheers,
Berin