[Standards-JIG] The Great Encryption Debate
ian.paterson at clientside.co.uk
Fri Aug 5 09:51:48 UTC 2005
One of the Open Issues for JEP-0116 is that the options in the Esession
negotiation MUST be signed.
David Waite wrote:
> I evaluated traditional xml
> canonicalization with xml-security a while back, and came to
> the conclusion that servers were not conformant enough to xml
> for xmpp to be a safe/realistic transport of signed data,
> unless that data was under some text encoding like base64.
Base64 encoding the XML would not be compatible with JEP-0155 (or very
Jabberish). Signing only the data in a specified order without the XML
would not be extensible.
The alternative is to require both entities to remove any white-space
between elements and convert the XML into some canonical form (probably
according to http://www.w3.org/TR/2001/REC-xml-c14n-20010315). This is
an extra complication for implementors, but I would expect it to work.
Do the XML libraries client developers are currently using typically
support standard canonicalisation?
David, what were the problems you found with servers?
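
An added illustration of the canonicalise-before-signing option discussed in the message above; it is not part of the original post and not code from JEP-0116. It uses Python's standard-library C14N 2.0 implementation rather than the 2001 recommendation linked in the message, and an HMAC as a stand-in for the integrity check; the namespace, field names, values and key are constructed for the demonstration.

```python
import hashlib
import hmac
from xml.etree.ElementTree import canonicalize

# Constructed sample: the form as one party serialised it, and the same form
# after a hypothetical intermediary re-serialised it (quote style, attribute
# order and white space between elements all changed).
SENT = (
    '<x xmlns="urn:example:negotiation" type="form">'
    '<field var="ciphers" type="list-single"><value>aes128-ctr</value></field>'
    '<field var="hashes"><value>sha256</value></field>'
    '</x>'
)
RECEIVED = """<x type='form' xmlns='urn:example:negotiation'>
  <field type='list-single' var='ciphers'>
    <value>aes128-ctr</value>
  </field>
  <field var='hashes'><value>sha256</value></field>
</x>"""

KEY = b"constructed-demo-key"  # placeholder, not a real secret


def canonical_bytes(xml_text):
    """Return the C14N 2.0 form with white space between elements removed.

    strip_text=True also trims leading/trailing white space inside text
    content, so both parties must agree that such white space is not
    significant in option values.
    """
    return canonicalize(xml_text, strip_text=True).encode("utf-8")


def mac_raw(xml_text):
    """MAC over the bytes exactly as serialised (fragile)."""
    return hmac.new(KEY, xml_text.encode("utf-8"), hashlib.sha256).hexdigest()


def mac_canonical(xml_text):
    """MAC over the canonical form (survives re-serialisation)."""
    return hmac.new(KEY, canonical_bytes(xml_text), hashlib.sha256).hexdigest()


def verify(xml_text, tag):
    """Constant-time check of a received form against the sender's tag."""
    return hmac.compare_digest(mac_canonical(xml_text), tag)


if __name__ == "__main__":
    print("raw MACs match:      ", mac_raw(SENT) == mac_raw(RECEIVED))
    print("canonical MACs match:", verify(RECEIVED, mac_canonical(SENT)))
```
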