You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@santuario.apache.org by Venu K <ve...@gmail.com> on 2005/07/15 12:04:29 UTC

Fwd: Encryption

---------- Forwarded message ----------
From: Venu K <ve...@gmail.com>
Date: Jul 15, 2005 1:39 PM
Subject: Encryption
To: security-dev@xml.apache.org

Hi ,

XML-SEC does c14 canonicalization by default even though w3c
encryption spec mentions same as optional. What is the rationale
behind this.
Any insights appreciated.

Thanks,
Venu

-- 
Regards,
Venu

Re: Fwd: Encryption

Posted by Berin Lautenbach <be...@wingsofhermes.org>.

<GRIN>.  Yup - Milan is correct, I was talking "as much as I can remember".

Cheers,
	Berin

Venu K wrote:
> thanks milan :). I was thinking too much of code :).
> 
> 
> 
> On 7/18/05, Milan Tomic <mi...@setcce.org> wrote:
> 
>>>from memory you mean ?
>>
>>"From memory" means "As much as he can remember", not "from RAM" (random
>>access memory).
>>
>>Best regards,
>>Milan
>>
>>
> 
> 
>

Re: Fwd: Encryption

Posted by Venu K <ve...@gmail.com>.

thanks milan :). I was thinking too much of code :).



On 7/18/05, Milan Tomic <mi...@setcce.org> wrote:
> 
> > from memory you mean ?
> 
> "From memory" means "As much as he can remember", not "from RAM" (random
> access memory).
> 
> Best regards,
> Milan
> 
> 


-- 
Regards,
Venu

RE: Fwd: Encryption

Posted by Milan Tomic <mi...@setcce.org>.

> from memory you mean ?

"From memory" means "As much as he can remember", not "from RAM" (random
access memory).

Best regards,
Milan

Re: Fwd: Encryption

Posted by Venu K <ve...@gmail.com>.

Hi Berin,

Thank You for the answers.

On 7/16/05, Berin Lautenbach <be...@wingsofhermes.org> wrote:
> Not sure there is enough context to answer the question here.  Are you
> talking about serialisation of nodes prior to encryption?
Yes Berin, 
> 
> If so, then the reason the libraries (both of them)
you mean signature and encryption ?? or java/c++ ??

 >use c14n (and from
> memory, exclusive c14n) 

from memory you mean ?


Regards,
Venu

Re: Fwd: Encryption

Posted by Berin Lautenbach <be...@wingsofhermes.org>.

Not sure there is enough context to answer the question here.  Are you 
talking about serialisation of nodes prior to encryption?

If so, then the reason the libraries (both of them) use c14n (and from 
memory, exclusive c14n) is you need to serialise somehow, and this is a 
nice, standard way to do it.  By using C14n (and particularly exclusive) 
you get over some problems with namespaces when decrypting and parsign 
fragments of XML.

Cheers,
	Berin

Venu K wrote:

> ---------- Forwarded message ----------
> From: Venu K <ve...@gmail.com>
> Date: Jul 15, 2005 1:39 PM
> Subject: Encryption
> To: security-dev@xml.apache.org
> 
> 
> Hi ,
> 
> XML-SEC does c14 canonicalization by default even though w3c
> encryption spec mentions same as optional. What is the rationale
> behind this.
> Any insights appreciated.
> 
> 
> Thanks,
> Venu
> 
>