I'm happy with everything here except your last proposed addition, which I do not believe is necessary or appropriate.
- James A. Pagaltzis wrote: > * James M Snell <[EMAIL PROTECTED]> [2007-06-18 18:55]: >> Slightly better? > > How about something along these lines: > > 15.5. Digital Signatures and Encryption > > Atom Entry and Feed Documents can contain XML Digital > Signatures [REC-xmldsig-core] and can be encrypted using XML > Encryption [REC-xmlenc-core] as specified in Section 5 of > [RFC4287]. Handling of signatures and encrypted elements in > Atom documents is discussed in sections 5 and 6.3 of [RFC4287]. > > Neither servers nor clients are under any obligation to > support XML Digital Signatures and XML Encryption, although a > server MAY require that Entry Documents received from a client > be digitally signed with a valid signature or be encrypted, or > both. > > Servers are free to modify the contents of an Entry Document > in any way, which can lead to inadvertent invalidation of > signatures. If the server can detect a thusly invalidated > signature, it is strongly encouraged that it be discarded > prior to publishing. > > In all cases, it is considered out of scope for this > specification how support and/or requirements for digital > signing and encryption are communicated between server and > client. > > And a tentative addition I wanted to include above the last > paragraph, but which I’m not yet quite sure about: > > Clients wishing to publish digitally signed and/or encrypted > content should consider that servers are especially likely to > modify particular aspects of an Entry Document, such as > "atom:id" and "atom:updated", but not necessarily others, > such "atom:title" or "atom:content". Signing and/or > encrypting selectively may therefore be a better strategy > than doing so for the Entry Document as a whole. > > I’m rather unhappy with the wording and length of that, though. > > Regards,
