Bug 47761 - xmlns:xml namespace improperly emitted during excl c14n
xmlns:xml namespace improperly emitted during excl c14n
Status: RESOLVED FIXED
Product: Security - Now in JIRA
Classification: Unclassified
Component: Signature
Java 1.4.2
All All
: P2 normal
: ---
Assigned To: XML Security Developers Mailing List
:
Depends on:
Blocks:
  Show dependency tree
 
Reported: 2009-08-28 10:53 UTC by Scott Cantor
Modified: 2009-10-01 14:11 UTC (History)
0 users



Attachments
Affected document, unsigned and signed, and a key pair used. (4.71 KB, application/x-compressed)
2009-08-28 10:53 UTC, Scott Cantor
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Scott Cantor 2009-08-28 10:53:25 UTC
Created attachment 24187 [details]
Affected document, unsigned and signed, and a key pair used.

It appears that the c14n algorithm is outputting xmlns:xml in certain
conditions even when set to the usual/presumed value, which is improper.

A kit to help reproduce is attached.

From exchanging email with Sean, I believe the trigger for this is probably the
poor choice (but not outright bug) of including the xml prefix in the inclusive
prefix parameter. If so, only exclusive would be broken, and only with this
trigger.

We agree that identifying the prefix there is a bad idea, but it's not illegal
and it doesn't change the algorithm, so it should get fixed here also.
Comment 1 sean.mullan 2009-10-01 14:11:30 UTC
Fixed in main trunk.