mace-opensaml-users - Re: [OpenSAML] XML signatures and canonicalization
Subject: OpenSAML user discussion
- From: Xavier Drudis Ferran
- Subject: Re: [OpenSAML] XML signatures and canonicalization
- Date: Thu, 2 Apr 2009 16:33:38 +0200
On Thu, Apr 02, 2009 at 09:23:52AM -0500, Anil Saldhana wrote:
> The sender is modifying the assertion with white spaces after generating the
> signature. The receiver (Mitch) has received a signature and a modified
> assertion with white spaces.
>
> I think the discussion is about content that is already signed. We are
> saying you cannot modify it lest signature failure. :)
>
Yes, I understand it so.

Saying that you can add whitespace before signing is tautological
and irrelevant. You can do any sort of transformation before signing,
not just adding whitespace, you could duplicate every other XML
element with a name starting with F if you wanted, and then sign.

The only relevant discussion is what modifications are allowed
between signature and verification, and this (I'm not an expert)
is what canonicalization methods (or their equivalence classes)
define. You can do any modification between signing and
verification as long as the canonicalization result stays
the same as before your modification.

So it all boils down to: Is there a canonicalization that
ignores whitespace and/or pretty printing? Not that I know.
You could define one but it wouldn't be standard, AFAIK.
But let someone knowledgeable answer.
--
Xavi Drudis Ferran
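
An added illustration of the equivalence-class point in the message above (not code from the list or from OpenSAML): it hashes the canonical form of a constructed assertion-like fragment before and after several post-signing edits. It assumes Python's `xml.etree.ElementTree.canonicalize` (C14N 2.0, default options) as a stand-in for whatever canonicalization method a signature names; the XML and the function names are made up for the example.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample standing in for the content that was signed.
SIGNED = ('<Assertion ID="a1" Version="2.0">'
          '<Issuer>idp.example</Issuer><Subject/></Assertion>')

# Constructed variants of what a receiver might get after transit.
VARIANTS = {
    # Attribute order, quote style and empty-element form differ.
    "reserialized": "<Assertion Version='2.0' ID='a1'>"
                    "<Issuer>idp.example</Issuer><Subject></Subject></Assertion>",
    # An XML declaration was prepended outside the root element.
    "xml_declaration": '<?xml version="1.0"?>\n' + SIGNED,
    # Pretty-printed: new whitespace text nodes between child elements.
    "pretty_printed": '<Assertion ID="a1" Version="2.0">\n'
                      '  <Issuer>idp.example</Issuer>\n'
                      '  <Subject/>\n'
                      '</Assertion>',
    # Whitespace padded inside an element's text content.
    "padded_text": '<Assertion ID="a1" Version="2.0">'
                   '<Issuer> idp.example </Issuer><Subject/></Assertion>',
}


def c14n_digest(xml_text: str) -> str:
    """SHA-256 over the canonical serialization (text nodes left untouched)."""
    canonical = ET.canonicalize(xml_text)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def digest_survives(signed: str, received: str) -> bool:
    """True if the edit stays inside the canonicalization's equivalence class."""
    return c14n_digest(signed) == c14n_digest(received)


def classify(signed: str, variants: dict) -> dict:
    """Map each variant name to whether its canonical digest still matches."""
    return {name: digest_survives(signed, xml) for name, xml in variants.items()}


if __name__ == "__main__":
    for name, ok in classify(SIGNED, VARIANTS).items():
        print(f"{name:16} {'digest unchanged' if ok else 'digest CHANGED'}")
```
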