* Paul Hoffman wrote: >At 12:42 PM -0700 6/19/07, James M Snell wrote: >> > Because servers are allowed (and in some cases required) to modify the >>> contents of an Entry Document before publishing it, a client that signs >>> a Entry Document should only do so with the intention of the server >>> possibly validating the submission; the client cannot assume that the >>> signature will be valid when viewed by a third party, or that the server >>> will even publish the client's signature. >> >>This gets too close to dictating implementation behavior. There may be >>many reasons for having a client sign an entry that goes beyond >>validating the submission. > >Does changing "should only do so" to "can do so" help alleviate that >concern? If not, alternate wording would be appreciated.
It seems to me we are just trying to say: because ... clients should not sign entry documents unless the server is known to be able to handle the signed document in a manner consistent with the client's expectations [specifically, it cannot assume ...]. -- Björn Höhrmann · mailto:[EMAIL PROTECTED] · http://bjoern.hoehrmann.de Weinh. Str. 22 · Telefon: +49(0)621/4309674 · http://www.bjoernsworld.de 68309 Mannheim · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
