My problem is with the "should only do so" and "validating the submission" text.
I agree that, for the most part, a client-signed signature is likely only going to be useful for the server, but we honestly do not have enough experience to say that for certain -- at least not enough to justify a "should". I'd be more comfortable with something along these lines:

Because servers are allowed (and in some cases required) to modify the contents of an Entry Document before publishing it, signatures within an entry will likely only be useful to the server to which it is being sent. Clients cannot assume that the signature will be valid when viewed by a third party, or that the server will even publish the client's signature.

- James

Tim Bray wrote:
> On Jun 19, 2007, at 12:42 PM, James M Snell wrote:
>
>>> Because servers are allowed (and in some cases required) to modify the
>>> contents of an Entry Document before publishing it, a client that signs
>>> an Entry Document should only do so with the intention of the server
>>> possibly validating the submission; the client cannot assume that the
>>> signature will be valid when viewed by a third party, or that the server
>>> will even publish the client's signature.
>>>
>>
>> This gets too close to dictating implementation behavior. There may be
>> many reasons for having a client sign an entry that goes beyond
>> validating the submission.
>
> Huh? Why would you go to the (nontrivial) trouble of doing a signature
> if you didn't want someone to check it? And who other than the server
> could? The phrase "client" here clearly means "software behavior in the
> context of the Atom Protocol", and if you're signing it in the context
> of the Atom Protocol, the signature couldn't possibly be useful, in the
> context of the protocol, to any party other than the server you're
> sending it to.
> -Tim
>
