I'm also using the XMLSec and LibXML2 libraries and I'm just finishing off the verification of SMD signatures.

Slightly OT but the only issues I've encountered are around the 'id' attribute lacking the prescribed 'xml' prefix, I've had to adjust the invocation to XMLSec to get around the reference errors. 

See section 3.2 of http://www.aleksey.com/xmlsec/faq.html and http://www.w3.org/TR/xml-id/ (dated 9 Sept 2005)

Two questions:

  1. Has anyone else encountered this?
  2. Which libraries is the TMCH using to generate the SMD signatures? 

Kind regards,

Mike O'Connell

--

If you don't know where you are going, any road will get you there.

On 06 Aug 2013, at 12:34 AM, Francisco Obispo <fobispo@isc.org> wrote:

I agree,

I do use XMLSEC and LibXML and have not yet encountered any problems, but I do see it as a source of possible problems, so the least data to be transferred the better.



On Aug 5, 2013, at 1:29 PM, "Gould, James" <JGould@verisign.com> wrote:

It's actually a factor of the XML parser and the DSIG software, where based on my experience white space is  a factor for validation.  Troubleshooting validation issues is not a trivial task.  Removing the extra white space and carriage returns (pretty print) will reduce the size and reduce the risk of validation errors.


Francisco Obispo
Director of Applications and Services - ISC
email: fobispo@isc.org
Phone: +1 650 423 1374 || INOC-DBA *3557* NOC
PGP KeyID = B38DB1BE