Looks like merlin-xmldsig-sixteen has been deprecrated....and we are WAY behind the times, we need to update to latest interop tests
- http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2002AprJun/att-0016/01-merlin-xmldsig-twenty-three.tar.gz - http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2003JulSep/att-0018/phaos-xmldsig-three.zip details are at: http://www.w3.org/Signature/2001/04/05-xmldsig-interop.html thanks, dims On Sun, 09 May 2004 21:12:51 +0200, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > Hi, > > My patch don't handle well this test case. It seems that it take on > account that the signed info is going to be c14n, reparsed & reimported. > But this is not alway the case. The SignedInfo is not c14n and > reimported if the c14n method is "safe". As stated in the second > paragraph of this mail > http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001OctDec/0054.html. > And also in the REC > http://www.w3.org/TR/xmldsig-core/#sec-CanonicalizationMethod-NOTE, it > saids clearly that the above behavior is not always but only for > arbitrary c14n methods. > > What do you think is the good behavior? For me it is weird to have a > test case that relays in this kind of unstandard behavior. And the parse > and imports is a very wasteful process that need to be only done with > insecure c14n. But if you think that the test is correct I can correct > my patch and send it back again. > > Regards > >