Comments on: Friendly XML, trusted XML and parity bits http://labnotes.org/2007/02/01/friendly-xml-trusted-xml-and-parity-bits/ Tue, 15 May 2012 02:41:51 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: Assaf http://labnotes.org/2007/02/01/friendly-xml-trusted-xml-and-parity-bits/comment-page-1/#comment-137526 Assaf Thu, 01 Feb 2007 17:28:56 +0000 http://blog.labnotes.org/2007/02/01/friendly-xml-trusted-xml-and-parity-bits/#comment-137526 Eran, Canonical XML (which XML sig uses) is UTF-8 encoded. So for hasing purposes, there's only one encoding to get right. And if you use any other encoding for the actual document, it verifies you got the implementation right (or wrong, but consistently on both ends). Whitespace is a bit trickier, but that too is solvable. The point is to make a strong assertion that two implementations are working on the same data, at least in the XML sense of it. Then you can relax well-formed to be just a means to that end, and turn it off in some implementations. Eran,

Canonical XML (which XML sig uses) is UTF-8 encoded. So for hasing purposes, there’s only one encoding to get right. And if you use any other encoding for the actual document, it verifies you got the implementation right (or wrong, but consistently on both ends).

Whitespace is a bit trickier, but that too is solvable.

The point is to make a strong assertion that two implementations are working on the same data, at least in the XML sense of it. Then you can relax well-formed to be just a means to that end, and turn it off in some implementations.

]]> By: Aristotle http://labnotes.org/2007/02/01/friendly-xml-trusted-xml-and-parity-bits/comment-page-1/#comment-137525 Aristotle Thu, 01 Feb 2007 12:49:50 +0000 http://blog.labnotes.org/2007/02/01/friendly-xml-trusted-xml-and-parity-bits/#comment-137525 The problem will be defining a canonical form that everyone agrees and which actually looks like what any application would actually use directly. If you define a canonical form that’s just another intermediate format it might help a little, but you won’t really gain that much. The problem will be defining a canonical form that everyone agrees and which actually looks like what any application would actually use directly. If you define a canonical form that’s just another intermediate format it might help a little, but you won’t really gain that much.

]]> By: Eran http://labnotes.org/2007/02/01/friendly-xml-trusted-xml-and-parity-bits/comment-page-1/#comment-137523 Eran Thu, 01 Feb 2007 11:04:15 +0000 http://blog.labnotes.org/2007/02/01/friendly-xml-trusted-xml-and-parity-bits/#comment-137523 Hashing XML files is a very delicate process. Just look at the <a href="http://www.w3.org/Signature/">XML Signature specs</a> which has a section about hashing an XML document (or part of it) for change verification purposes. There are a couple of problems there: 1) Encoding, some implementation will not handle various encoding correcting and will hash something that is not the exact coding thus producing a wrong hash. 2) Whitespaces - the holy pain the butt for XML - some will hash with whitespaces, some without. Even hashing this simply plain crap is going to be a nightmare which might suffer from the same stuff every other XML document has. Then again, good idea though... It's not that I'm just seeing the half empty glass :-) Hashing XML files is a very delicate process.
Just look at the XML Signature specs which has a section about hashing an XML document (or part of it) for change verification purposes.

There are a couple of problems there:
1) Encoding, some implementation will not handle various encoding correcting and will hash something that is not the exact coding thus producing a wrong hash.
2) Whitespaces – the holy pain the butt for XML – some will hash with whitespaces, some without.

Even hashing this simply plain crap is going to be a nightmare which might suffer from the same stuff every other XML document has.

Then again, good idea though… It’s not that I’m just seeing the half empty glass :-)

]]>