[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [ebxml-msg] Please send your feedback on 'whitespace' issue.
I think this is the last issue. Rather than try to work out the transform, I am just going to put a warning in the Multi-hop section under a new heading called *Multi-Hop Security Considerations*. I will finish this and then put out version 1.1 for a vote. Regards, David. -----Original Message----- From: David Fischer [mailto:david@drummondgroup.com] Sent: Thursday, January 03, 2002 5:29 PM To: Cherian, Sanjay; ebxml-msg@lists.oasis-open.org Subject: RE: [ebxml-msg] Please send your feedback on 'whitespace' issue. This could be serious for Intermediaries. When an IM adds an element to a signed message, it must be done without adding ANY whitespace. When an IM removes an element it must do so without deleting whitespace outside the element. <SOAP:Header...> <MessageHeader ...>... </MessageHeader> <ds:Signature>. . .</ds:Signature> </SOAP:Header> becomes: <SOAP:Header...> <MessageHeader ...>... </MessageHeader><SyncReply.../><AckRequested.../> <ds:Signature>. . .</ds:Signature> </SOAP:Header> Notice there is no whitespace (CRLF) added when adding the SyncReply and AckRequested. Is it reasonable to ask IMs to act like this? Should we show this in the spec? Sanjay's Transform, or something like it, might fix this problem so the IM could add elements on a new line as would be expected: <SOAP:Header...> <MessageHeader ...>... </MessageHeader> <ds:Signature>. . .</ds:Signature> <SyncReply.../> <AckRequested.../> </SOAP:Header> OTOH, We could fix this problem by putting SyncReply and AckRequested back in Via so IMs change a flag instead of adding elements. Since Via is not signed, the problem would go away. In any case, this needs to be addressed. Regards, David Fischer Drummond Group. P.S. Thanks to Sanjay for identifying this problem, and to Cliff for testing/proving this problem on signed messages. -----Original Message----- From: Cherian, Sanjay [mailto:Sanjay_Cherian@stercomm.com] Sent: Wednesday, January 02, 2002 3:04 PM To: 'ebxml-msg@lists.oasis-open.org' Subject: [ebxml-msg] Please send your feedback on 'whitespace' issue. Hi, If you have not already, please reply to David's note: http://lists.oasis-open.org/archives/ebxml-msg/200112/msg00232.html regarding the 'Whitespace problem with XMLDSIG usage in ebXML' analysis: http://lists.oasis-open.org/archives/ebxml-msg/200112/msg00226.html Please convey your impression of the severity of this issue and the appropriateness of the suggested solution. (Thanks to Rich and Doug for their comments.) Thanks and wishing you a happy new year. Sanjay J. Cherian Sterling Commerce Irving, TX ---------------------------------------------------------------- To subscribe or unsubscribe from this elist use the subscription manager: <http://lists.oasis-open.org/ob/adm.pl> ---------------------------------------------------------------- To subscribe or unsubscribe from this elist use the subscription manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC