Dittmann Werner wrote:

<cite>
This behaviour is absolutely necessary in order that exclusive
canonicalization can function correctly in the case of
changes to apex definitions of the default namespace. The
canonicalization specifications should both have been
defined to always emit apex xmlns=""; this lack introduces
abstract security attacks against the default namespace which
specifications such as &wsse; and &decrypt; have to work around
with these ugly warts.
</cite>
from Merlin Hughes, Betrusted

Does this info help you? (I'm in no way an expert on this topic.)

Hmm. Yes that does make sense. I'd never thought about security implications, only the practical ones.


I think we'll have to do something for this.

Cheers,
        Berin


