Impressive analysis Sanjay.
I disagree with one part:
>The solution to this latter problem is to require MSHs to apply the XSL
>transform to ds:SignedInfo elements BEFORE signing and BEFORE verifying
> (that is, before the XMLDSIG implementation gets the envelope).
This is often not possible. In many DSIG toolkits, the ds:SignedInfo is
generated by the signing code, and the application has no capability to
generate or modify it.
I think the only practical thing is to include a warning that
intermediate MSH's must treat at least ds:Signature elements as if the
xml:space="preserve" attribute is set.
/r$
--
Zolera Systems, Your Key to Online Integrity
Securing Web services: XML, SOAP, Dig-sig, Encryption
http://www.zolera.com