[xmlsec] Invalid Signature - possible whitespace handling problem
Edward Shallow
ed.shallow at rogers.com
Thu Nov 20 15:48:22 PST 2003
Please read my post again. I have changed nothing in the references
themselves. This is clear in the eMail post. The only thing changed is the
<ds:Signature> structure itself, also explained clearly in the post.
Please re-read the problem report again, and give your die-hard fans the
benefit of the doubt. Your explanation below is obvious. It is also way off
the mark.
Ed
-----Original Message-----
From: Aleksey Sanin [mailto:aleksey at aleksey.com]
Sent: November 20, 2003 5:34 PM
To: Edward Shallow
Cc: xmlsec at aleksey.com
Subject: Re: [xmlsec] Invalid Signature - possible whitespace handling
problem
>in the good one has all white space preserved and intact. That is all
>tabs and carriage returns are left intact. Exactly as XMLSec returns
>it. The bad <ds:Signature ...> block has had xml white space handling
>performed on it after it was returned from XMLSec, by InfoPath :( .
>That is carriage returns and tabs have been removed and most of the
>lines are now strung out on 1 line.
>
>
I believe Rich already answered you but let me summarize. You have a
Document signed by XMLSec. After that you perform *some* changes in the
document. And signature verification fails. Digital signatures are used to
detect *exactly* that situation. And I think everything happens "as
expected".
But since you are asking this question, I guess you think that
adding/removing tabs or spaces is not a big deal for XML. However, this is
*not* the case.
Whitespaces are important!
For example, consider these two XML fragments:
1)
<WelcomeMessage>Hello, user!</WelcomeMessage>
2)
<WelcomeMessage>
Hello, user!
</WelcomeMessage>
It might have happened that someone *intentionally* left spaces to move
"Hello, user!" string N chars from left side. XML has no way of knowing
that.
Aleksey
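
The behaviour under discussion can be checked directly. This is an added example, not part of either message and not XMLSec code: it canonicalizes the two WelcomeMessage fragments quoted above, plus a constructed ds:SignedInfo in indented and flattened form, and compares digests. Assumptions: Python's standard-library canonicalize() (C14N 2.0) and SHA-256 stand in for whatever canonicalization and digest methods the real signature names, and the helper names and the SignedInfo sample are hypothetical.

```python
import hashlib
from xml.etree.ElementTree import canonicalize


def canonical_form(xml_text: str) -> str:
    """Canonical XML (C14N 2.0); whitespace in text nodes is kept by default."""
    return canonicalize(xml_text)


def c14n_digest(xml_text: str) -> str:
    """SHA-256 hex digest of the canonical form (assumed digest method)."""
    return hashlib.sha256(canonical_form(xml_text).encode("utf-8")).hexdigest()


def same_after_c14n(a: str, b: str) -> bool:
    """True when two serializations canonicalize to identical bytes."""
    return c14n_digest(a) == c14n_digest(b)


# The two fragments quoted in the message above.
FRAGMENT_1 = "<WelcomeMessage>Hello, user!</WelcomeMessage>"
FRAGMENT_2 = "<WelcomeMessage>\nHello, user!\n</WelcomeMessage>"

# Constructed: same content, whitespace differs only inside the tags.
FRAGMENT_1_TAG_WS = "<WelcomeMessage  >Hello, user!</WelcomeMessage\n>"

# Constructed ds:SignedInfo, as emitted (tabs/newlines) and after flattening.
DS = "http://www.w3.org/2000/09/xmldsig#"
SIGNED_INFO_INDENTED = (
    f'<ds:SignedInfo xmlns:ds="{DS}">\n'
    '\t<ds:Reference URI="">\n'
    "\t\t<ds:DigestValue>PLACEHOLDER</ds:DigestValue>\n"
    "\t</ds:Reference>\n"
    "</ds:SignedInfo>"
)
SIGNED_INFO_FLAT = (
    f'<ds:SignedInfo xmlns:ds="{DS}">'
    '<ds:Reference URI="">'
    "<ds:DigestValue>PLACEHOLDER</ds:DigestValue>"
    "</ds:Reference>"
    "</ds:SignedInfo>"
)

if __name__ == "__main__":
    for label, a, b in [
        ("text-node whitespace", FRAGMENT_1, FRAGMENT_2),
        ("whitespace inside tags", FRAGMENT_1, FRAGMENT_1_TAG_WS),
        ("SignedInfo indented vs flat", SIGNED_INFO_INDENTED, SIGNED_INFO_FLAT),
    ]:
        print(f"{label}: {'same' if same_after_c14n(a, b) else 'DIFFERENT'}")
```

Canonicalization removes whitespace differences inside tags but keeps whitespace in character content, including the tabs and newlines between child elements of ds:SignedInfo.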