[xmlsec] XML canonization

Rich Salz rsalz at datapower.com
Fri Oct 18 18:54:33 PDT 2002


You have to do canonicalization if you think there is the slightest
chance that a recipient will not keep your byte stream, but will DOMify,
then reconstruct, for example.

According to XML, <a g='c' f='l'/> and <a f='l' g='c'></a> are the
same thing.  C14N defines a standard format so that everyone can
generate the same hash, and therefore verify the sig.

If you are confident that nobody will modify the bytes on the wire that
you send, then you can skip the C14N transformation.

I would not recommend this.

C14N shouldn't be that long; does XMLSEC pipe it directly into the hash,
or does it build a huge string?  The latter is expensive...
        /r$
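
The point made in the message above, as an added example that is not part of the original post or of xmlsec's code: the two serializations hash differently as raw bytes but identically after canonicalization, even after a DOM round trip. It assumes Python's standard-library `xml.etree.ElementTree.canonicalize` (which implements C14N 2.0, not the C14N 1.0 transform current in 2002) and SHA-256. `HashSink` and the function names are hypothetical.

```python
import hashlib
import xml.dom.minidom
from xml.etree.ElementTree import canonicalize

# Constructed inputs: the two equivalent forms quoted in the message.
DOC_A = "<a g='c' f='l'/>"
DOC_B = "<a f='l' g='c'></a>"


class HashSink:
    """File-like adapter (hypothetical name): feeds each chunk written by
    canonicalize() into the digest, so no canonical string is accumulated."""

    def __init__(self):
        self.digest = hashlib.sha256()

    def write(self, text):
        self.digest.update(text.encode("utf-8"))


def raw_digest(xml_text):
    """Hash the serialized bytes exactly as they were sent."""
    return hashlib.sha256(xml_text.encode("utf-8")).hexdigest()


def c14n_digest(xml_text):
    """Hash the canonical form, piping canonicalizer output into the hash."""
    sink = HashSink()
    canonicalize(xml_text, out=sink)
    return sink.digest.hexdigest()


def dom_round_trip(xml_text):
    """Parse into a DOM and re-serialize, as a recipient might before verifying."""
    return xml.dom.minidom.parseString(xml_text).documentElement.toxml()


if __name__ == "__main__":
    rebuilt = dom_round_trip(DOC_A)
    print("canonical form:", canonicalize(DOC_A))
    print("after DOM round trip:", rebuilt)
    for label, fn in (("raw bytes", raw_digest), ("C14N", c14n_digest)):
        print(label, "A == B:", fn(DOC_A) == fn(DOC_B),
              "| A == rebuilt:", fn(DOC_A) == fn(rebuilt))
```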



