RE: [TLS] Review of draft-housley-tls-authz-extns-05
<Pasi.Eronen@nokia.com> Mon, 05 June 2006 13:35 UTC
Message-ID: <B356D8F434D20B40A8CEDAEC305A1F2402BC036F@esebe105.NOE.Nokia.com>
In-Reply-To: <046F43A8D79C794FA4733814869CDF070152A5E0@dul1wnexmb01.vcorp.ad.vrsn.com>
From: Pasi.Eronen@nokia.com
To: shollenbeck@verisign.com, hartmans-ietf@mit.edu
Cc: mark@redphonesecurity.com, tls@ietf.org
Scott Hollenbeck wrote:

> Section 5.1 of RFC 3470/BCP 70 includes relevant text. In a
> nutshell, UTF-8 is a MUST if you're using XML. UTF-16 is
> recommended since you get it for free with XML parsers, but it's not
> required. An XML declaration is not needed if you're using either
> UTF-8 or UTF-16. A byte order mark is required with UTF-16. Other
> encodings are possible, but if something else is used it must be
> identified with an appropriate XML declaration.

Thanks for the pointer; it looks like Section 4.1 of the document is also relevant:

   In some uses of XML as an embedded protocol element, the XML used is a small fragment in a larger context, where the XML version is fixed at "1.0" and the character encoding is known to be "UTF-8". In those cases, an XML declaration might add extra overhead. In cases where the XML is a larger component which may find its way alone as an external entity body (transported as a MIME message, for example), the XML declaration is an important marker and is useful for reliability and extensibility. The XML declaration is also an important marker for character set/encoding (see Section 5.1), if any encoding other than UTF-8 or UTF-16 is used. Note that in the case of UTF-16, XML requires that the entity starts with a Byte Order Mark (BOM), which is not part of the character data. Note that the XML Declaration itself is not part of the XML document's Information Set.

   Protocol specifications must be clear about use of XML declarations. XML [8] notes that "XML documents should begin with an XML declaration which specifies the version of XML being used." In general, an XML declaration should be encouraged ("SHOULD be present") and must always be allowed ("MAY be sent"). An XML declaration should be required in cases where, if allowed, the character encoding is anything other than UTF-8 or UTF-16.

Since the latter paragraph says that XML declaration must always be allowed, the simplest approach would be to always require it here.

In other words, draft-housley-tls-authz-extns should say something like this, right?

   "When SAMLAssertion is used, the field contains an XML text declaration, followed by an <Assertion> element using the AssertionType complex type as defined in [SAML1.1][SAML2.0]. The field MUST also follow the rules of [XML] for including the Byte Order Mark (BOM) in encoded entities."

Best regards,
Pasi
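The rules proposed in the message above (an XML declaration always present, the BOM handled as [XML] requires, an <Assertion> root) can be checked on the raw bytes of a SAMLAssertion field before the field is handed to an XML parser. The following Python is an added example, not code from the draft or from anyone in this thread; it assumes a policy of accepting only UTF-8 and UTF-16 (the two encodings RFC 3470 singles out), and the sample byte strings are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Namespaces of the AssertionType element in SAML 1.1 and SAML 2.0.
SAML_NS = {"urn:oasis:names:tc:SAML:1.0:assertion", "urn:oasis:names:tc:SAML:2.0:assertion"}
XML_DECL = re.compile(r'^<\?xml\s+version="1\.\d+"(?:\s+encoding="([A-Za-z][\w.-]*)")?[^>]*\?>')

def detect_encoding(data):
    """(codec, BOM length) from the leading bytes, as in XML 1.0 Appendix F."""
    if data.startswith(b"\xef\xbb\xbf"):
        return "utf-8", 3
    if data.startswith(b"\xfe\xff"):
        return "utf-16-be", 2
    if data.startswith(b"\xff\xfe"):
        return "utf-16-le", 2
    if data.startswith(b"<") and data[1:2] != b"\x00":   # no BOM, not UTF-16: must be UTF-8
        return "utf-8", 0
    return None, 0             # BOM-less UTF-16 or unknown: XML requires the BOM

def check_saml_assertion_field(data):
    """(ok, reason) for raw SAMLAssertion bytes. Assumed policy (RFC 3470 s5.1):
    only UTF-8 and UTF-16 accepted; XML declaration always required."""
    codec, bom_len = detect_encoding(data)
    if codec is None:
        return False, "no BOM and not UTF-8: bare UTF-16 or unknown encoding"
    family = "utf-16" if codec.startswith("utf-16") else "utf-8"
    try:
        text = data[bom_len:].decode(codec)
    except UnicodeDecodeError:
        return False, "bytes are not valid " + family
    m = XML_DECL.match(text)
    if not m:
        return False, "missing XML declaration"
    declared = (m.group(1) or family).lower()   # encoding= may be omitted for UTF-8/16
    if declared != family:
        return False, "declared encoding %s does not match BOM/bytes (%s)" % (declared, family)
    try:
        root = ET.fromstring(data)   # expat re-derives the encoding from BOM + declaration
    except ET.ParseError as exc:
        return False, "not well-formed XML: %s" % exc
    ns, _, local = root.tag.rpartition("}")
    if local != "Assertion" or ns.lstrip("{") not in SAML_NS:
        return False, "root element is not a SAML <Assertion>"
    return True, "ok"

# Constructed samples, not taken from the draft or the thread.
ASSERTION = '<?xml version="1.0" encoding="UTF-16"?><Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion"/>'
GOOD_UTF16 = ASSERTION.encode("utf-16")            # Python's utf-16 codec prepends the BOM
BAD_UTF16_NO_BOM = ASSERTION.encode("utf-16-le")   # same text, BOM omitted: must be rejected
BAD_NO_DECL = b'<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion"/>'
```

The pre-check is deliberately stricter than expat alone: expat would happily parse BOM-less UTF-16 or a BOM-less entity with no declaration, which is exactly what the proposed wording forbids.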