* Sam Hartman wrote:
>Here are some examples of questions I think should be answered:
>
>1) I'm implementing a server; I don't want to break digital
>   signatures. What should I be careful of? As an example, what
>   changes that do not change the meaning of the XML can I make; what
>   must I avoid? If this can be answered by a reference to a
>   specific section of another document that would be great.

This might not be a good question to answer. What is more interesting is what servers are likely to change, so clients can filter those parts out when creating the signature. Some things like choice of quote marks for attribute values are universally understood to be irrelevant in XML processing, and you cannot make any changes beyond that without risking breaking the signature unless you understand the signature method. I do not think it would be useful to point that out, and saying much more might be more confusing than useful.

On the other hand, it might be that server implementations leave, say, author information, title, and textual content of an entry untouched, knowing that clients might just sign those bits and leave the rest free to change by the server. I am not sufficiently familiar with this to say whether there is some good recommendation to make though, or whether it might be better to put this into a later document when we have more implementation experience. If there is nothing to recommend yet, it would be best to not address this question.

-- 
Björn Höhrmann · mailto:[EMAIL PROTECTED] · http://bjoern.hoehrmann.de
Weinh. Str. 22 · Telefon: +49(0)621/4309674 · http://www.bjoernsworld.de
68309 Mannheim · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
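
The idea raised in the reply above (sign only the parts a server is expected to leave alone, over a canonical form in which quote style does not matter), sketched as an added example that is not part of the original message or of any specification. The Atom namespace, the `STABLE` element set, the sample entries and the use of a bare SHA-256 digest in place of a full signature are all assumptions made for illustration; it needs Python 3.8+ for `canonicalize`.

```python
import hashlib
import xml.etree.ElementTree as ET

ATOM = "http://www.w3.org/2005/Atom"        # assumed namespace for the sample entries
STABLE = ("author", "title", "content")     # assumed "server leaves these alone" set

def stable_digest(entry_xml: str) -> str:
    """SHA-256 over the C14N 2.0 form of the stable child elements only.

    Elements are visited in STABLE order, so sibling reordering by the
    server does not matter; anything outside STABLE is ignored entirely.
    """
    entry = ET.fromstring(entry_xml)
    h = hashlib.sha256()
    for name in STABLE:
        for el in entry.findall(f"{{{ATOM}}}{name}"):
            el.tail = None  # whitespace between siblings is not part of the signed part
            fragment = ET.tostring(el, encoding="unicode")
            h.update(ET.canonicalize(fragment).encode("utf-8"))
    return h.hexdigest()

# Constructed sample: the entry as the client would sign it.
CLIENT = """<entry xmlns="http://www.w3.org/2005/Atom">
  <title type="text">Signed entry</title>
  <author><name>Alice</name></author>
  <content type="text">Body text</content>
</entry>"""

# Constructed sample: the same entry after a server re-serialized it with
# single quotes, reordered siblings, and added its own id and timestamp.
SERVER = """<entry xmlns='http://www.w3.org/2005/Atom'>
  <id>urn:example:1</id>
  <updated>2005-06-01T12:00:00Z</updated>
  <author><name>Alice</name></author>
  <title type='text'>Signed entry</title>
  <content type='text'>Body text</content>
</entry>"""

# Constructed sample: a change inside a signed part must be detected.
TAMPERED = SERVER.replace("Signed entry", "Changed entry")

if __name__ == "__main__":
    print("client  :", stable_digest(CLIENT))
    print("server  :", stable_digest(SERVER))
    print("tampered:", stable_digest(TAMPERED))
```

Whitespace inside a signed element still counts under canonicalization, so a server that re-indents the contents of `author` would change the digest even though it left the text alone.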
