* Paul Hoffman <[EMAIL PROTECTED]> [2007-06-20 17:55]: > Given this, I propose changing the paragraph to: > > A server is allowed to strip client-applied signatures, to > strip client-applied signatures and then re-sign with its own > public key, and to oversign an entry with its own public key. > The meaning to a third party of a signature applied by a server > is the same as a signature from anyone, as described in > [RFC4287]. It is recommended that a server that is aware that > it has changed any part of an Entry Document that was signed by > the client should strip that signature before publishing the > entry in order to prevent third parties from trying to > interpret a signature that cannot be validated.
That is perfectly fine with me. Thank you. Regards, -- Aristotle Pagaltzis // <http://plasmasturm.org/>
