XML Signature: Does attribute order matter?

[don.williams]

Question: If you change the order of attributes within an element that
is part of an XML signature, does that break the digital signature? I
thought attribute order was irrelevant in XML.

For example, suppose the original element when the XML Signature was
created was:

<MyElement a="123 b="456">

and while traversing an intermediary the element gets changed to:

<MyElement b="456" a="123>

Will this break the digital signature?

Thanks for any help on this.

...Don

 

[Bjoern Hoehrmann]

* (e-mail address removed) wrote in comp.text.xml:

Question: If you change the order of attributes within an element that
is part of an XML signature, does that break the digital signature? I
thought attribute order was irrelevant in XML.

That depends on the particular signature process. Generally speaking,
the document will be put in some canonical form which puts attributes
in a specific order, which would mean you can change the order without
breaking the signature. This is not guranteed however, you have to
check the signature process you are using to make sure.

 

[Joseph Kesselman]

.... or to put it another way: Yes, XML Signature itself cares about
attribute order. Many of us think that was a serious mistake and that
the signature should have been defined against the infoset rather than
against the specific syntax... but it is what it is and we're stuck with
it for now.