At 4:20 AM +0200 6/20/07, A. Pagaltzis wrote:
Hi Paul,
* Paul Hoffman <[EMAIL PROTECTED]> [2007-06-20 02:50]:
At 1:43 AM +0200 6/20/07, A. Pagaltzis wrote:
>* Paul Hoffman <[EMAIL PROTECTED]> [2007-06-19 21:40]:
>> The method for a server to indicate to a third party whether
>> or not the client signed an Entry Document is by including
>> the client's signature in the published entry, even though
>> that signature is likely to be invalid.
>Encouraging servers
Stop right there. Nothing in the quoted text *encourages*
anyone. We said that there was a method, which is completely
true.
No, it is entirely false, because cryptographically, a consumer
has no way whatsoever to know whether the signature was
originally valid and where that once supposedly valid signature
originally came from.
It is not "entirely false", it is still true that this is a method
for saying it was signed. However, you are completely correct that it
is not a method for saying that it was a valid signature. That is
quite relevant.
A consumer cannot assume *anything* about an entry with an
invalid signature other than that it is an entry with an invalid
signature.
Fully agree. And I can see how even talking about leaving invalid
signatures in can be considered an encouragement, even if it is a
light encouragement.
Given this, I propose changing the paragraph to:
A server is allowed to strip client-applied signatures, to strip
client-applied signatures and then re-sign with its own public key,
and to oversign an entry with its own public key. The meaning to a
third party of a signature applied by a server is the same as a
signature from anyone, as described in [RFC4287]. It is recommended
that a server that is aware that it has changed any part of an Entry
Document that was signed by the client should strip that signature
before publishing the entry in order to prevent third parties from
trying to interpret a signature that cannot be validated.
