Slightly better?

15.5. Digital Signatures and Encryption

Atom Entry and Feed Documents might contain XML Digital Signatures [REC-xmldsig-core] and might be encrypted using XML Encryption [REC-xmlenc-core] as specified in Section 5 of [RFC4287]. Handling of signatures and encrypted elements in Atom documents is discussed in sections 5 and 6.3 of [RFC4287].

When servers or clients receive digitally signed or encrypted Entry Documents, they are under no obligation to preserve signatures or encrypted elements. They are allowed to modify member resources in ways that can invalidate signatures. If such modifications are made, it is strongly recommended that invalid signatures be removed.

A server can require that Entry Documents received from a client, either via POST or PUT, be digitally signed with a valid signature or are encrypted, or both. How such requirements are communicated to the client is considered out of scope for this specification.

- James

Bjoern Hoehrmann wrote:
> * James M Snell wrote:
>> When servers or clients receive digitally signed or encrypted Entry
>> Documents, they are under no obligation to preserve the integrity of
>> the signatures or the encryption. They are allowed to modify member
>> resources in ways that can invalidate signatures. If such
>> modifications are made, it is recommended that any invalid signatures
>> be removed.
>
> This should be "Servers should remove invalidated signatures". However,
> this may give the false impression that support for signatures is
> required, and does not address what to do if the server does not know if
> a signature has been invalidated. The phrasing of "the integrity of the
> signatures or the encryption" is also easily misread.
>
>> A server can require that Entry Documents received from a client,
>> either via POST or PUT, be digitally signed with a valid
>> signature or are encrypted, or both. How such requirements are
>> communicated to the client are considered out of scope for this
>> specification.
>
> s/are con/is con/.
>
>> Signatures and encrypted elements are considered to be foreign markup
>> within an Atom document and are required to be handled according to
>> the rules specified in Sections 5 and 6.3 of [RFC4287].
>
> I don't think it's useful to repeat this information here, "Handling of
> signatures and encrypted elements in Atom documents is discussed in
> sections 5 and 6.3 of [RFC4287]" would be better.
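
The recommendation discussed in this thread (remove signatures that a modification has invalidated), as an added example that is not part of the original messages or of the specification. The handler `store_entry`, the sample entry and its placeholder signature are constructed for illustration. It assumes a server that does not verify signatures and that the enveloped signature on the entry root covers the whole entry (`Reference URI=""`), so any content change invalidates it.

```python
import xml.etree.ElementTree as ET

ATOM = "http://www.w3.org/2005/Atom"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("", ATOM)
ET.register_namespace("ds", DSIG)

# Constructed sample: an entry with an enveloped signature (placeholder values).
SIGNED_ENTRY = f"""<entry xmlns="{ATOM}">
  <title>Draft</title>
  <updated>2007-01-01T00:00:00Z</updated>
  <ds:Signature xmlns:ds="{DSIG}">
    <ds:SignedInfo><ds:Reference URI=""/></ds:SignedInfo>
    <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
  </ds:Signature>
</entry>"""


def store_entry(entry_xml, new_updated=None):
    """Hypothetical server-side handler for a POSTed or PUT entry.

    Optionally rewrites atom:updated. If the entry was changed, every
    enveloped ds:Signature on the root is removed instead of being stored
    in a state where it can no longer verify.
    Returns (serialized_entry, number_of_signatures_removed).
    """
    # Refuse DTDs before parsing: client-supplied XML must not expand entities.
    if "<!DOCTYPE" in entry_xml or "<!ENTITY" in entry_xml:
        raise ValueError("DTDs are not accepted in Entry Documents")
    root = ET.fromstring(entry_xml)
    if root.tag != f"{{{ATOM}}}entry":
        raise ValueError("not an Atom Entry Document")

    modified = False
    if new_updated is not None:
        updated = root.find(f"{{{ATOM}}}updated")
        if updated is None:
            updated = ET.SubElement(root, f"{{{ATOM}}}updated")
        if updated.text != new_updated:
            updated.text = new_updated
            modified = True

    removed = 0
    if modified:
        for sig in root.findall(f"{{{DSIG}}}Signature"):
            root.remove(sig)
            removed += 1
    return ET.tostring(root, encoding="unicode"), removed
```

An unmodified entry keeps its signature; the server is under no obligation either way, but it never stores a signature it has itself broken.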
