Hi,

Paul Hoffman wrote:
> Fully agree. And I can see how even talking about leaving invalid
> signatures in can be considered an encouragement, even if it is a light
> encouragement.
>
> Given this, I propose changing the paragraph to:
>
> A server is allowed to strip client-applied signatures, to strip
> client-applied signatures and then re-sign with its own public key, and
> to oversign an entry with its own public key. The meaning to a third
> party of a signature applied by a server is the same as a signature from
> anyone, as described in [RFC4287]. It is recommended that a server that
> is aware that it has changed any part of an Entry Document that was
> signed by the client should strip that signature before publishing the
> entry in order to prevent third parties from trying to interpret a
> signature that cannot be validated.
>

What does it mean to "strip" a signature? Might it be worth noting that in such cases, the server is recommended to "remove the child element of the Entry Document with the namespace URI http://www.w3.org/2000/09/xmldsig# and a local name of Signature" (as specified for signature addition in RFC4287)?

Regards,

- John Kemp
