On Tue, Mar 23, 2004 at 08:15:27AM -0800, Aleksey Sanin wrote: > > > It seems to me that the solution from a DSig point of view is an > > extension > >of the XML parsing rules, that should be looked at from a standard > >perspective > >(Aleksey, could you carry this on the W3C/IETF Working Group ?)... > This is not XML DSig but XML Encryption spec. The spec says > (http://www.w3.org/TR/xmlenc-core/#sec-Processing-Decryption): > > The decryptor SHOULD support the ability to replace the > EncryptedData element with the decrypted 'element' or element > 'content' represented by the UTF-8 encoded characters. The > decryptor is NOT REQUIRED to perform validation on the result of > this replacement operation. > > I think the spec is correct. It does not say *how* to replace the > element or content.
is the decryptor required to perform "parsing" ? The problem is that to know that the UTF-8 encoded characters contains character which are okay for an XML document, in theory parsing is required and parsing is only defined theorically in a document wide way. > The xmlsec implementation tries to do it without > serializing the whole tree and parsing it back but this might not be > possible. I still need to take a look at the option "parse in the > context". For example, if I can register known to me namespaces in the > parser context then this would solve the problem. That's an implementation issue. Parsing a substring within a node context could be a useful addition to libxml2 API, I'm not saying it's impossible but I try to understand the real scope of the problem, in order to get the right solution. There is more than just in-scope namespaces which are inherited from a document, like entities ... Daniel -- Daniel Veillard | Red Hat Network https://rhn.redhat.com/ [EMAIL PROTECTED] | libxml GNOME XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/ _______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
