[XML-SIG] c14n attribute ordering problem?

Rich Salz rsalz at datapower.com
Tue Sep 30 23:57:36 EDT 2003


> Well, this is great. However, example 3.3 [1] from the same specification
> shows a different sorting (look at element <e5/>). And after fixing this
> in libxml2 I have a lot of interop test failures in both C14N and XMLDSig.

And now looking at the end of 2.2, it says the default namespace has no
local name and is therefore lexicographically least.

So perhaps in 2.3 "local name" means NCName, meaning that phrase is
redundant?  Or does it mean turn NCName "xmlns" into QName "xmlns:xmlns" ?
That doesn't seem likely.

Who wants to bring this up on the xml-dsig list?  At a minimum, we're
gonna need some erratum issued.

The Python code (which I now think is wrong, not libxml/xmlsec) is:
    def _sorter_ns(n1,n2):
        '''_sorter_ns((n,v),(n,v)) -> int
        "(an empty namespace URI is lexicographically least)."'''

        if n1[0] == 'xmlns': return -1
        if n2[0] == 'xmlns': return 1
        return cmp(n1[0], n2[0])

Should that cmp be using [1] instead of [0]?

Argh.  All together now:  c14n bites! :)

	/r$
--
Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview      http://www.datapower.com/xmldev/xmlsecurity.html
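
The two candidate sort keys for namespace nodes weighed in this message (index [0], the name, against index [1], the URI), as an added example that is not part of the original post or of the Python library it quotes. The sample element is constructed, modelled on e5 of example 3.3; all function names are hypothetical, and the prefix key follows the wording from the end of section 2.2 cited above.

```python
import hashlib

# Constructed sample modelled on element e5 of Canonical XML example 3.3,
# held as (qualified name, value) pairs in document order.
NS_DECLS = [("xmlns:b", "http://www.ietf.org"),
            ("xmlns:a", "http://www.w3.org"),
            ("xmlns", "http://example.org")]
ATTRS = [("a:attr", "out"), ("b:attr", "sorted"),
         ("attr2", "all"), ("attr", "I'm")]

def ns_key_by_prefix(decl):
    """Key on local name; bare 'xmlns' has none, so '' sorts first."""
    return decl[0].partition(":")[2]

def ns_key_by_uri(decl):
    """The alternative reading (index [1]): key on the namespace URI."""
    return decl[1]

def attr_key(attr, uri_of):
    """Attributes: namespace URI first, local name second; no prefix = empty URI."""
    prefix, colon, local = attr[0].partition(":")
    return (uri_of[prefix], local) if colon else ("", attr[0])

def escape_attr(value):
    """Attribute-value escaping used by canonical XML."""
    for raw, ref in (("&", "&amp;"), ("<", "&lt;"), ('"', "&quot;"),
                     ("\t", "&#x9;"), ("\n", "&#xA;"), ("\r", "&#xD;")):
        value = value.replace(raw, ref)
    return value

def start_tag(tag, ns_decls, attrs, ns_key):
    """Serialize a start tag: sorted namespace nodes, then sorted attributes."""
    uri_of = {name.partition(":")[2]: uri for name, uri in ns_decls}
    ordered = sorted(ns_decls, key=ns_key)
    ordered += sorted(attrs, key=lambda a: attr_key(a, uri_of))
    body = " ".join('%s="%s"' % (n, escape_attr(v)) for n, v in ordered)
    return "<%s %s>" % (tag, body)

def digest(text):
    """SHA-1 hex digest (the digest algorithm XMLDSig 1.0 requires)."""
    return hashlib.sha1(text.encode("utf-8")).hexdigest()

by_prefix = start_tag("e5", NS_DECLS, ATTRS, ns_key_by_prefix)
by_uri = start_tag("e5", NS_DECLS, ATTRS, ns_key_by_uri)

if __name__ == "__main__":
    for label, tag in (("prefix key", by_prefix), ("URI key", by_uri)):
        print(label, digest(tag), tag)
```

The two keys emit xmlns:a and xmlns:b in opposite order for this element, so the canonical octets and therefore the digest differ, which is how a sort-key disagreement between implementations surfaces as signature interop failures.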