[Standards-JIG] The Great Encryption Debate
Ian Paterson
ian.paterson at clientside.co.uk
Fri Aug 5 04:51:48 CDT 2005
One of the Open Issues for JEP-0116 is that the options in the Esession
negotiation MUST be signed.
David Waite wrote:
> I evaluated traditional xml
> canonicalization with xml-security a while back, and came to
> the conclusion that servers were not conformant enough to xml
> for xmpp to be a safe/realistic transport of signed data,
> unless that data was under some text encoding like base64.
Base64 encoding the XML would not be compatible with JEP-0155 (or very
Jabberish). Signing only the data in a specified order without the XML
would not be extensible.
The alternative is to require both entities to remove any white-space
between elements and convert the XML into some canonical form (probably
according to http://www.w3.org/TR/2001/REC-xml-c14n-20010315). This is
an extra complication for implementors, but I would expect it to work.
Do the XML libraries client developers are currently using typically
support standard canonicalisation?
David, what were the problems you found with servers?
- Ian
More information about the Standards-JIG
mailing list