2009/5/12 Remko Tronçon <[email protected]>: > On Mon, May 11, 2009 at 5:51 PM, Dave Cridland <[email protected]> wrote: >> This did get me wondering about the issue that if there's two semantically >> identical forms for the same information, then should we ever wish to have >> clients sign the privacy list, we have a C14N problem. > > Well, semantical equivalence should be checked at the XML level, not > at the XMPP level. Wouldn't you otherwise have problems with plain > messages as well, since > <message><body>a</body><subject>b</subject></message> is equivalent to > <message><subject>b</subject><body>a</body></message> in XMPP (but not > in XML). > > cheers, > Remko >
That's another problem. As Peter pointed out to me earlier, no XMPP spec ever enforced a particular child order (if the order wouldn't make a semantic difference in XMPP). If it comes to signing, we can specify that unordered elements are to be ordered by some algorithm.
