https://issues.apache.org/bugzilla/show_bug.cgi?id=47761
Summary: xmlns:xml namespace improperly emitted during excl
c14n
Product: Security
Version: Java 1.4.2
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Signature
AssignedTo: security-dev@xml.apache.org
ReportedBy: canto...@osu.edu
--- Comment #0 from Scott Cantor <canto...@osu.edu> 2009-08-28 10:53:25 PDT ---
Created an attachment (id=24187)
Affected document, unsigned and signed, and a key pair used.
It appears that the c14n algorithm is outputting xmlns:xml in certain
conditions even when set to the usual/presumed value, which is improper.
A kit to help reproduce is attached.
>From exchanging email with Sean, I believe the trigger for this is probably the
poor choice (but not outright bug) of including the xml prefix in the inclusive
prefix parameter. If so, only exclusive would be broken, and only with this
trigger.
We agree that identifying the prefix there is a bad idea, but it's not illegal
and it doesn't change the algorithm, so it should get fixed here also.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
