A bit vague, sorry; "canonicalization" is a pretty broad term ("the process of converting something into a canonical form").
Could you be a bit more specific? Do you mean Canonical XML, for example?
As far as security vulnerabilities in the broadest sense go: (a) processing material into a canonical form can be an opportunity for malicious code to attack the processor if the canonicalization algorithm (or its implementation) is faulty, but on the other hand (b) after canonicalization it's easier for the data to be validated, because it's in a simpler and more predictable form.
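To illustrate points (a) and (b) with one concrete kind of canonicalization, here is an added example (not part of the original answer) that takes file paths as the data: a check on the raw input is compared with a check made after canonicalization. The base directory `/srv/files`, the function names and the sample inputs are assumptions constructed for the illustration.

```python
import posixpath
import unicodedata
from urllib.parse import unquote

BASE = "/srv/files"  # assumed base directory (hypothetical)


def naive_is_safe(user_path):
    """Validates the raw input, before any canonicalization."""
    return ".." not in user_path


def canonicalize(user_path):
    """Reduce a requested path to one canonical absolute form (lexical only)."""
    p = user_path
    for _ in range(5):  # bounded, so the canonicalizer itself always terminates
        # Undo one layer of percent-encoding, then fold Unicode
        # compatibility forms (e.g. fullwidth dots and slashes).
        step = unicodedata.normalize("NFKC", unquote(p))
        if step == p:
            break
        p = step
    else:
        raise ValueError("too many encoding layers")
    if "\x00" in p:
        raise ValueError("NUL byte in path")
    p = p.replace("\\", "/").lstrip("/")
    # normpath resolves '.' and '..' lexically; it does not follow symlinks.
    return posixpath.normpath(posixpath.join(BASE, p))


def resolve(user_path):
    """Canonicalize first, then validate the canonical form. None = rejected."""
    try:
        canonical = canonicalize(user_path)
    except ValueError:
        return None
    if canonical == BASE or canonical.startswith(BASE + "/"):
        return canonical
    return None
```

The validation in `resolve` is a single prefix comparison because every spelling of the same path has already been reduced to one form, while `naive_is_safe` has to anticipate each spelling separately.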