At 12:42 PM -0700 6/19/07, James M Snell wrote:
> Because servers are allowed (and in some cases required) to modify the
> contents of an Entry Document before publishing it, a client that signs
> an Entry Document should only do so with the intention of the server
> possibly validating the submission; the client cannot assume that the
> signature will be valid when viewed by a third party, or that the server
> will even publish the client's signature.

This gets too close to dictating implementation behavior. There may be
many reasons for having a client sign an entry that goes beyond
validating the submission.

Does changing "should only do so" to "can do so" help alleviate that
concern? If not, alternate wording would be appreciated.

> A server is allowed to strip client-applied signatures, to strip
> client-applied signatures and then re-sign with its own public key, and
> to oversign an entry with its own public key. The meaning to a third
> party of a signature applied by a server is the same as a signature from
> anyone, as described in [RFC4287]. The method for a server to indicate
> to a third party whether or not the client signed an Entry Document is
> by including the client's signature in the published entry, even though
> that signature is likely to be invalid.

I preferred Aristotle's suggested text (posted 6/18)

It did not hit all the points that I thought Sam was asking for. The
exercise at the moment is to come up with wording that is both useful
to the reader and covers the concerns of the AD who brought up the
point.