* Paul Hoffman wrote: >We have gone out of our way in APP not to tell servers what to do >with received content. Why should we start here? Also, why should a >server have to figure out whether the content was changed?
I am not sure I understand the second question. If the server receives a signed document and does not modify the document there is no problem. If it does modify it, then it knows the content has been changed. The first question is easy to answer, if you have neither of * clients don't send signed documents unless server supports them * servers don't keep signatures unless they don't modify documents as policy, a client might optimistically send a signed document and the server ends up serving documents with invalidated signatures. That'd be bad as recieving clients would give false alarms, reducing the overall utility of digital signatures. -- Björn Höhrmann · mailto:[EMAIL PROTECTED] · http://bjoern.hoehrmann.de Weinh. Str. 22 · Telefon: +49(0)621/4309674 · http://www.bjoernsworld.de 68309 Mannheim · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
