Bjoern Hoehrmann wrote:
* Paul Hoffman wrote:
We have gone out of our way in APP not to tell servers what to do
with received content. Why should we start here? Also, why should a
server have to figure out whether the content was changed?
I am not sure I understand the second question. If the server receives a
signed document and does not modify the document there is no problem. If
it does modify it, then it knows the content has been changed. The first
question is easy to answer, if you have neither of
* clients don't send signed documents unless server supports them
* servers don't keep signatures unless they don't modify documents
as policy, a client might optimistically send a signed document and the
server ends up serving documents with invalidated signatures. That'd be
bad as recieving clients would give false alarms, reducing the overall
utility of digital signatures.
Björn,
in this case I think we'd need to define what "changing" a document
means. What aspects need to be preserved? Comments? PIs? Namespace
prefixes? Whitespace?
Best regards, Julian
