You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by Venu K <ve...@gmail.com> on 2005/07/15 12:04:29 UTC
Fwd: Encryption
---------- Forwarded message ----------
From: Venu K <ve...@gmail.com>
Date: Jul 15, 2005 1:39 PM
Subject: Encryption
To: security-dev@xml.apache.org
Hi ,
XML-SEC does c14 canonicalization by default even though w3c
encryption spec mentions same as optional. What is the rationale
behind this.
Any insights appreciated.
Thanks,
Venu
--
Regards,
Venu
Re: Fwd: Encryption
Posted by Berin Lautenbach <be...@wingsofhermes.org>.
<GRIN>. Yup - Milan is correct, I was talking "as much as I can remember".
Cheers,
Berin
Venu K wrote:
> thanks milan :). I was thinking too much of code :).
>
>
>
> On 7/18/05, Milan Tomic <mi...@setcce.org> wrote:
>
>>>from memory you mean ?
>>
>>"From memory" means "As much as he can remember", not "from RAM" (random
>>access memory).
>>
>>Best regards,
>>Milan
>>
>>
>
>
>
Re: Fwd: Encryption
Posted by Venu K <ve...@gmail.com>.
thanks milan :). I was thinking too much of code :).
On 7/18/05, Milan Tomic <mi...@setcce.org> wrote:
>
> > from memory you mean ?
>
> "From memory" means "As much as he can remember", not "from RAM" (random
> access memory).
>
> Best regards,
> Milan
>
>
--
Regards,
Venu
RE: Fwd: Encryption
Posted by Milan Tomic <mi...@setcce.org>.
> from memory you mean ?
"From memory" means "As much as he can remember", not "from RAM" (random
access memory).
Best regards,
Milan
Re: Fwd: Encryption
Posted by Venu K <ve...@gmail.com>.
Hi Berin,
Thank You for the answers.
On 7/16/05, Berin Lautenbach <be...@wingsofhermes.org> wrote:
> Not sure there is enough context to answer the question here. Are you
> talking about serialisation of nodes prior to encryption?
Yes Berin,
>
> If so, then the reason the libraries (both of them)
you mean signature and encryption ?? or java/c++ ??
>use c14n (and from
> memory, exclusive c14n)
from memory you mean ?
Regards,
Venu
Re: Fwd: Encryption
Posted by Berin Lautenbach <be...@wingsofhermes.org>.
Not sure there is enough context to answer the question here. Are you
talking about serialisation of nodes prior to encryption?
If so, then the reason the libraries (both of them) use c14n (and from
memory, exclusive c14n) is you need to serialise somehow, and this is a
nice, standard way to do it. By using C14n (and particularly exclusive)
you get over some problems with namespaces when decrypting and parsign
fragments of XML.
Cheers,
Berin
Venu K wrote:
> ---------- Forwarded message ----------
> From: Venu K <ve...@gmail.com>
> Date: Jul 15, 2005 1:39 PM
> Subject: Encryption
> To: security-dev@xml.apache.org
>
>
> Hi ,
>
> XML-SEC does c14 canonicalization by default even though w3c
> encryption spec mentions same as optional. What is the rationale
> behind this.
> Any insights appreciated.
>
>
> Thanks,
> Venu
>
>