[Standards-JIG] Re: The Great Encryption Debate

Ian Paterson ian.paterson at clientside.co.uk
Tue Aug 9 11:04:45 UTC 2005


> > The proposal is only to remove white-space *between elements*.

> Which elements? e.g. with XHTML:
>    <b>one</b> <i>two</i>

I agree there would be issues if the proposal covered elements where XML
(like XHTML) is inserted into XMPP.

> > the only XML being canonicalized is the content of a 
> > data form and the content of an <encrypted/> element.

> it pays to be specific when talking about protocols.

You're right, that wasn't clear enough. I'll try to explain better.

With JEP-0116 the encrypted data is MACed, not the plain XML. So only a
very limited number of XML elements need to be MACed or signed.

JEP-0116 only requires the whitespace to be removed *between the
elements* before signing (or verifying or MACing) in the following two
examples:


<field var="hash_algs">
  <value>whirlpool</value>
  <value>sha256</value>
</field>
<field var='compress'>
  <value>none</value>
</field>


<data kid='foo'>bah</data>
<key kid='foo'>bah</key>
<old>bah</old>
<old>bah</old>
<mac>bah</mac>


- Ian
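
The whitespace rule described in the message above, as an added sketch that is not part of the original post or of JEP-0116: it strips whitespace-only text between elements, MACs the result, and shows that the same stripping alters the XHTML fragment quoted in the thread. The key, the choice of HMAC-SHA256, the wrapper element `<w>` and the ElementTree re-serialization (which also normalizes attribute quoting) are assumptions.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

KEY = b"constructed-demo-key"  # constructed sample key, not from the message
# Data-form fields from the message; COMPACT and TAMPERED are constructed variants.
PRETTY = """<field var="hash_algs">
  <value>whirlpool</value>
  <value>sha256</value>
</field>
<field var='compress'>
  <value>none</value>
</field>"""
COMPACT = ('<field var="hash_algs"><value>whirlpool</value><value>sha256</value></field>'
           "<field var='compress'><value>none</value></field>")
TAMPERED = COMPACT.replace("sha256", "md5")  # one value changed


def strip_between_elements(elem):
    """Remove whitespace-only text nodes that sit between child elements."""
    if len(elem):  # leaves such as <value> keep their text untouched
        if elem.text is not None and not elem.text.strip():
            elem.text = None
        for child in elem:
            if child.tail is not None and not child.tail.strip():
                child.tail = None
            strip_between_elements(child)
    return elem


def normalized_bytes(fragment):
    """Parse sibling elements and re-serialize them without inter-element whitespace."""
    root = strip_between_elements(ET.fromstring("<w>" + fragment + "</w>"))
    return b"".join(ET.tostring(child, encoding="utf-8") for child in root)


def mac(fragment):
    return hmac.new(KEY, normalized_bytes(fragment), hashlib.sha256).hexdigest()  # assumed MAC


def visible_text(fragment):
    """Text a reader would see after the same stripping is applied."""
    root = strip_between_elements(ET.fromstring("<w>" + fragment + "</w>"))
    return "".join(root.itertext())


if __name__ == "__main__":
    print(hmac.compare_digest(mac(PRETTY), mac(COMPACT)))   # True: indentation ignored
    print(hmac.compare_digest(mac(PRETTY), mac(TAMPERED)))  # False: content change detected
    print(repr(visible_text("<b>one</b> <i>two</i>")))      # 'onetwo': the space is lost
```

Whitespace inside a leaf element such as `<value>` is left alone, so only formatting between elements is excluded from the MAC.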



