FHIR Chat · Canonicalization

Stream: implementers

Topic: Canonicalization

Grahame Grieve (Aug 08 2019 at 08:38):

GF#18441 raises an issue associated with the canonicalization algorithms. The task resolution says:

Grahame Grieve (Aug 08 2019 at 08:38):

The canonicalization algorithm should not normalize information within XML attribute values or JSON object properties (excepting XHTML, where normalization SHALL happen normally). The change will be to restrict normalization to the XHTML content and to content outside XML attribute and JSON property values.

Grahame will raise this with the community and see if this will actually impact anyone - and more importantly whether anyone objects to making this breaking change.

If the community is agreeable, we will flag this in the R4 spec as having been fixed in the R5 spec and will fix it there.

If the community is not agreeable, we will define new canonicalization algorithm URLs for the new "corrected" version.

Grahame Grieve (Aug 08 2019 at 08:39):

does anyone have any issues with this?

Vassil Peytchev (Sep 17 2019 at 17:40):

Looking at the GForge item, I think this is not well thought out. The canonicalization is mentioned in the context of digital signatures. The Signature data type explicitly references XML digital signature https://www.w3.org/TR/xmldsig-core1/ that in turn requires use of Canonical XML https://www.w3.org/TR/xml-c14n11/. This means that XML attributes will be normalized, if XML dsig is used.

Furthermore, I don't understand the issue raised - the canonicalization happens as part of the signature process, the canonical form is not sent over the wire.

Vassil Peytchev (Sep 19 2019 at 18:15):

@Ewout Kramer @Josh Mandel

Vassil Peytchev (Sep 19 2019 at 18:15):

@Grahame Grieve

Grahame Grieve (Sep 19 2019 at 18:16):

the canonical form can be sent over the wire, or stored.

Grahame Grieve (Sep 19 2019 at 18:18):

but it's possible that the @Vassil Peytchev is right about this - the question is how extensive are the use cases for canonicalisation on the wire... and they're small, I think

Ewout Kramer (Sep 19 2019 at 18:23):

he is right about this. This is mentioned pretty clearly in the xmldsig-core1 spec page.

Ewout Kramer (Sep 19 2019 at 18:25):

This is not even about canonicalisation on the wire - Lloyd is sitting next to us and is afraid that you can subtly change the meaning of a document by adding or removing spaces and tabs in markdown, and having no way for the receiver and sender to guarantee that this is caught.

Grahame Grieve (Sep 19 2019 at 18:31):

well, that'ss both true and false.in both ways

Grahame Grieve (Sep 19 2019 at 18:31):

xml canonicalization might normalise attributes, but we don't have to.

Grahame Grieve (Sep 19 2019 at 18:32):

on other hand, exchange is a worry we don't need to make supreme.

Grahame Grieve (Sep 19 2019 at 18:32):

and the fact that different markdowns collapse to the same signature text doesn't scare me very much

Lloyd McKenzie (Sep 19 2019 at 21:51):

Consider this:

Applications SHALL support the following:
* US Core profiles a, b an c
* Clinical genomics profiles
* All profiles define in this IG
Ensure you read usage the notes

vs. this:

Applications SHALL support the following:
* US Core profiles a, b an c
* Clinical genomics profiles
All profiles define in this IG
* Ensure you read usage notes

Lloyd McKenzie (Sep 19 2019 at 21:53):

This is less likely to be a problem where the original author wasn't crafting content to allow manipulation. But it'd be pretty easy for someone to craft content that was intended to allow manipulation