Hello,
Is c14n transformation applied by default to all "referenced" areas?
According to http://www.w3.org/TR/xmldsig-core/ [s06-08], canonicalization
shouldn't be applied to referenced areas unless specified as a
transformation, i.e.:
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
But I think that you are maybe applying it by default when verifying,
signaling valid signatures as invalid and vice versa. Is that possible?
Regards,
Martin
[s06-08] Transforms is an optional ordered list of
processing steps that were applied to the resource's content before it was
digested. Transforms can include operations such as canonicalization,
encoding/decoding (including compression/inflation), XSLT, XPath, XML schema
validation, or XInclude. XPath transforms permit the signer to derive an XML
document that omits portions of the source document. Consequently those excluded
portions can change without affecting signature validity. For example, if the
resource being signed encloses the signature itself, such a transform must be
used to exclude the signature value from its own computation. If no Transforms
element is present, the resource's content is digested directly. While the
Working Group has specified mandatory (and optional) canonicalization and
decoding algorithms, user specified transforms are permitted.
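
Added example, not part of the original message or of the library being asked about: a minimal Reference digest check that applies canonicalization only when a Transform lists it, next to a hypothetical `always_c14n` mode that models the behaviour the message suspects. It covers only a Reference whose URI dereferences to octets; all function names, the `doc.xml` URI and the sample octets are constructed, SHA-256 is assumed as the digest method, and Python's standard-library canonicalizer (C14N 2.0) stands in for the 1.0 algorithm named by the URI.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
C14N = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
NS = {"ds": DS}

def canonicalize(octets):
    # Stand-in: the stdlib implements C14N 2.0, not the 1.0 algorithm the URI names.
    return ET.canonicalize(octets.decode("utf-8")).encode("utf-8")

def digest_input(reference, resource, always_c14n=False):
    """Octets to digest: only the listed transforms, unless the flaw is modelled."""
    data, listed = resource, False
    for t in reference.iterfind("ds:Transforms/ds:Transform", NS):
        if t.get("Algorithm") != C14N:
            raise ValueError("unsupported transform: %r" % t.get("Algorithm"))
        data, listed = canonicalize(data), True
    if always_c14n and not listed:
        data = canonicalize(data)  # hypothetical flaw: c14n applied although not listed
    return data

def validate_reference(reference, resource, always_c14n=False):
    if reference.find("ds:DigestMethod", NS).get("Algorithm") != SHA256:
        raise ValueError("unsupported digest method")
    actual = hashlib.sha256(digest_input(reference, resource, always_c14n)).digest()
    expected = base64.b64decode(reference.findtext("ds:DigestValue", namespaces=NS))
    return hmac.compare_digest(actual, expected)

def make_reference(resource, with_c14n):
    """Signer side (constructed helper): build a ds:Reference for the octets."""
    transforms = (f'<ds:Transforms><ds:Transform Algorithm="{C14N}"/></ds:Transforms>'
                  if with_c14n else "")
    data = canonicalize(resource) if with_c14n else resource
    value = base64.b64encode(hashlib.sha256(data).digest()).decode()
    return ET.fromstring(
        f'<ds:Reference xmlns:ds="{DS}" URI="doc.xml">{transforms}'
        f'<ds:DigestMethod Algorithm="{SHA256}"/>'
        f'<ds:DigestValue>{value}</ds:DigestValue></ds:Reference>')

# Constructed sample octets: same XML content, different serialisation.
SIGNED = b'<doc a="1" b="2"><empty></empty></doc>'
RESERIALISED = b'<doc b="2"  a="1"><empty/></doc>'

if __name__ == "__main__":
    ref = make_reference(SIGNED, with_c14n=False)  # no Transforms: raw octets were digested
    print("listed transforms only:", validate_reference(ref, RESERIALISED))
    print("c14n always applied:   ", validate_reference(ref, RESERIALISED, always_c14n=True))
```

With no Transforms element, a verifier that digests the octets directly rejects the reserialised resource, while one that canonicalizes unconditionally accepts it; a Reference digested over non-canonical octets shows the opposite disagreement.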