Larry,

I understand what you're saying but canonicalisation
and subsequent validation only happens on the
Signature block. By moving the namespace declaration
to the root element I have effectively removed the
namespace from being part of the canonicalised
representation. This would therefore invalidate the
signature.

Nick

 --- Lawrence McCay <[EMAIL PROTECTED]> wrote: 
> Nick:
> 
> Unless I am missing something in your example, what you are describing is
> the very motivation behind the need for canonicalization of xml for digital
> signatures.
> 
> By specifying the exact canonicalization method used at the time of signing,
> at the point of verification the exact xml can be recreated thus avoiding
> the problems associated with reformatting of XML that may occur during
> processing by intermediaries or other middleware.
> 
> Hope this helps.
> 
> --larry
> 
> > -----Original Message-----
> > From: Nick Sydenham [mailto:[EMAIL PROTECTED]
> > Sent: Monday, November 29, 2004 11:28 AM
> > To: [EMAIL PROTECTED]
> > Subject: Namespace moves
> > 
> > 
> > I'm looking at an existing problem with some of our code and couldn't
> > find a definitive answer in the W3C Recommendation. Basically, it's not
> > clear from the spec how moving a namespace definition affects the
> > validity of a signature. For instance, if I have:
> > 
> > <SignedInfo xmlns:gt="http://www.wibble.com/CM/envelope">
> > ...
> > <Transform Algorithm="...">
> > <XPath>(count(ancestor-or-self::node()/gt:Message/gt:Body)=...
> > </Transform>
> > </SignedInfo>
> > 
> > If I then return an enveloping signature with the gt namespace moved to
> > the root element the XML document is still valid as the namespace is
> > still declared on an ancestor node. However, from an XML Signature point
> > of view I have changed the SignedInfo element which in theory breaks the
> > signature. Is this a correct analysis or should moving the namespace
> > definition not affect the signature validity?
> > 
> > TIA,
> > 
> > Nick

=====
"The secret of life… is enjoying the passage of time." James Taylor
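
How inclusive Canonical XML 1.0 renders namespace declarations when only SignedInfo is canonicalized, which is the question this thread turns on. This is an added example, not code from either poster: a simplified canonicalizer (elements, attributes and text only) run over a constructed SignedInfo and XPath expression, and it assumes the inclusive method rather than Exclusive C14N.

```python
from xml.dom import minidom
def is_nsdecl(a):
    return a.name == "xmlns" or a.name.startswith("xmlns:")

def in_scope_ns(el):
    """Namespace declarations in scope on el; the nearest declaration wins."""
    scope, node = {}, el
    while node is not None and node.nodeType == node.ELEMENT_NODE:
        for a in filter(is_nsdecl, node.attributes.values()):
            scope.setdefault(a.name[6:], a.value)  # "" is the default namespace
        node = node.parentNode
    return scope

def esc(s, attr=False):
    s = s.replace("&", "&amp;").replace("<", "&lt;").replace("\r", "&#xD;")
    if attr:
        return s.replace('"', "&quot;").replace("\t", "&#x9;").replace("\n", "&#xA;")
    return s.replace(">", "&gt;")

def c14n(el, rendered=None):
    """Simplified inclusive C14N of el's subtree: elements, attributes, text."""
    scope, rendered = in_scope_ns(el), rendered or {}
    out = "<" + el.tagName
    for p in sorted(scope):  # default namespace first, then by prefix
        if rendered.get(p, "") != scope[p]:
            out += ' xmlns%s="%s"' % (":" + p if p else "", esc(scope[p], True))
    attrs = [a for a in el.attributes.values() if not is_nsdecl(a)]
    for a in sorted(attrs, key=lambda a: (a.namespaceURI or "", a.localName)):
        out += ' %s="%s"' % (a.name, esc(a.value, True))
    out += ">"
    for c in el.childNodes:
        if c.nodeType == c.ELEMENT_NODE:
            out += c14n(c, scope)  # everything in scope above is already output
        elif c.nodeType in (c.TEXT_NODE, c.CDATA_SECTION_NODE):
            out += esc(c.data)
    return out + "</" + el.tagName + ">"

# Constructed sample; the XPath expression is illustrative only.
DSIG = 'xmlns="http://www.w3.org/2000/09/xmldsig#"'
GT = 'xmlns:gt="http://www.wibble.com/CM/envelope"'
BODY = ('<Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">'
        '<XPath>count(ancestor-or-self::gt:Body)=1</XPath></Transform>')

def signed_info(root_decls, si_decls):
    """Canonical SignedInfo for one layout of the namespace declarations."""
    xml = "<Signature %s %s><SignedInfo %s>%s</SignedInfo></Signature>" % (
        DSIG, root_decls, si_decls, BODY)
    si = minidom.parseString(xml).getElementsByTagName("SignedInfo")[0]
    return c14n(si)
```

Under this model `signed_info("", GT)` and `signed_info(GT, "")` return identical bytes, because inclusive canonicalization writes every namespace in scope onto the SignedInfo start tag wherever it was declared. A declaration newly added on an ancestor, as in `signed_info(GT + ' xmlns:soap="urn:example:soap"', "")`, does change the output.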