* James M Snell <[EMAIL PROTECTED]> [2007-06-18 18:55]:
> Slightly better?
How about something along these lines:
15.5. Digital Signatures and Encryption
Atom Entry and Feed Documents can contain XML Digital
Signatures [REC-xmldsig-core] and can be encrypted using XML
Encryption [REC-xmlenc-core] as specified in Section 5 of
[RFC4287]. Handling of signatures and encrypted elements in
Atom documents is discussed in sections 5 and 6.3 of [RFC4287].
Neither servers nor clients are under any obligation to
support XML Digital Signatures and XML Encryption, although a
server MAY require that Entry Documents received from a client
be digitally signed with a valid signature or be encrypted, or
both.
Servers are free to modify the contents of an Entry Document
in any way, which can lead to inadvertent invalidation of
signatures. If the server can detect a thusly invalidated
signature, it is strongly encouraged that it be discarded
prior to publishing.
In all cases, it is considered out of scope for this
specification how support and/or requirements for digital
signing and encryption are communicated between server and
client.
And a tentative addition I wanted to include above the last
paragraph, but which I’m not yet quite sure about:
Clients wishing to publish digitally signed and/or encrypted
content should consider that servers are especially likely to
modify particular aspects of an Entry Document, such as
"atom:id" and "atom:updated", but not necessarily others,
such "atom:title" or "atom:content". Signing and/or
encrypting selectively may therefore be a better strategy
than doing so for the Entry Document as a whole.
I’m rather unhappy with the wording and length of that, though.
Regards,
--
Aristotle Pagaltzis // <http://plasmasturm.org/>
