On Jun 18, 2007, at 8:10 AM, Paul Hoffman wrote:

At 11:34 PM -0700 6/17/07, Tim Bray wrote:

The more I think about this, the more the right answer seems
obvious. The notion of a client signing a whole Atom entry is
just fundamentally bogus, because some parts of it are actually
owned by the server (id, update-timestamp).

Given some of the other comments in this thread, I disagree. A
server might want to only accept a signed entry in order to be sure
that the content was generated by someone the server trusts. This
can be orthogonal to the authentication used in order to post to
the server.

OK, let me re-phrase slightly. The idea of a client expecting a
digital signature on a whole entry to survive the publishing process
is bogus.

Expand 15.5 to point out all the problems that have emerged in
this discussion and which make client-originated dig-sig a
non-starter for APP.

Disagree; see above.

I think that most of what I wanted to put in makes sense; time to
stop hand-waving and draft some language. -Tim
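
An added illustration of the two positions in the message above, not code from the thread or from the APP specification: a signature over the whole entry verifies when the server receives the POST, and stops verifying once the server rewrites the fields it owns. HMAC-SHA256 over the canonicalized XML stands in for a real XML digital signature; the key, the sample entry, the server-assigned values and the `server_publish` step are all constructed for the example.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

ATOM = "http://www.w3.org/2005/Atom"
KEY = b"constructed-demo-key"  # stand-in for the client's signing key

# Constructed sample entry, as a client would POST it.
CLIENT_ENTRY = (
    f'<entry xmlns="{ATOM}">'
    "<title>Signed post</title>"
    "<id>urn:uuid:00000000-0000-0000-0000-000000000001</id>"
    "<updated>2007-06-18T08:10:00Z</updated>"
    '<content type="text">hello</content>'
    "</entry>"
)

def sign(entry_xml: str) -> str:
    """MAC over the canonical form of the whole entry (stand-in for XML-DSig)."""
    canonical = ET.canonicalize(xml_data=entry_xml)
    return hmac.new(KEY, canonical.encode("utf-8"), hashlib.sha256).hexdigest()

def verify(entry_xml: str, signature: str) -> bool:
    """Recompute the MAC over the entry as seen and compare in constant time."""
    return hmac.compare_digest(sign(entry_xml), signature)

def server_publish(entry_xml: str) -> str:
    """Hypothetical server step: overwrite the server-owned id and updated."""
    ET.register_namespace("", ATOM)
    entry = ET.fromstring(entry_xml)
    entry.find(f"{{{ATOM}}}id").text = "http://example.org/entries/42"
    entry.find(f"{{{ATOM}}}updated").text = "2007-06-18T15:10:03Z"
    return ET.tostring(entry, encoding="unicode")

def demo() -> dict:
    sig = sign(CLIENT_ENTRY)
    published = server_publish(CLIENT_ENTRY)
    return {
        "accepted_on_post": verify(CLIENT_ENTRY, sig),  # server checks at ingest
        "valid_after_publish": verify(published, sig),  # reader checks later
    }

if __name__ == "__main__":
    print(demo())
```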