I agree with Rich and think his reasoning can be extended to the underlying
problem as well. Because the XSLT transform described doesn't come for
free, couldn't we recommend the xml:space="preserve" attribute be set for
the entire soap:Envelope or equivalent handling?
This is probably a general disagreement with the "unreasonable to expect
such an MSH to preserve irrelevant whitespace" point. If we can require an
MSH to preserve whitespace in the SignedInfo element, why not in the
referenced signed material?
I certainly agree with Sanjay it is not intuitively obvious why the existing
canonicalization methods don't remove trivial whitespace. That's balanced
against our need to support receivers not using verifying parsers (also the
"why" canonicalization works as it does) and the high cost of the
transformation described. Therefore, I'm recommending not adding this
additional transform and instead requiring implementations to avoid the
underlying problem.
We'll need to discuss what "avoid the underlying problem" truly means
because I'm not sure xml:space has been consistently implemented in the XML
parser marketplace. It also only requires the application layer learns of
all whitespace in the affected elements, not inclusion of that whitespace in
a related document created by the application layer. In this context, the
"application layer" is anything above the XML parser, including the SOAP
processor, signature validator and MSH handler.
By the way, the XSLT block (if we do decide to use it) seems to contain a
typo. Shouldn't
<xsl:apply-templates select='@*'/>
<xsl:apply-templates/>
instead be
<xsl:apply-templates select='@*'>
</xsl:apply-templates>
or
<xsl:apply-templates select='@*'/>
I'm probably misremembering something that's not intuitive about XSLT...
thanx,
doug