On Monday, June 20, 2005, at 11:33 PM, James M Snell wrote:
> OK, so given the arguments I previously posted in my response to Dan +
> the assertion that digitally signing individual entries will be
> necessary, the only real possible solution would be to come up with a
> canonicalization scheme for digitally signed Atom entries.
...or as Bob said, always including a source element in signed entries,
even if they're in the origin feed.
The following is all academic at this point, but here's a "pseudofeed" of
what I'd like to have seen...part of it only in retrospect:
<feed>
  <head><!--it's baaaack!-->
    [feed metadata]
    <Signature xmlns="..." /><!--the feed head is signed--the entire feed
      could be too, but this is for aggregation-->
  </head>
  <entry>
    [entry metadata and content]
    <feedsig><!--a copy of the feed's head's signature, so that the entry
      can be verifiably linked to the signed feed metadata--></feedsig>
    <Signature xmlns="..." /> <!--the entry is signed, including the
      local copy of the feed head signature-->
  </entry>
  <entry>
    [entry metadata and content]
    <feedsig>...</feedsig>
    <Signature xmlns="..." />
  </entry>
  [etc.]
</feed>
Of course, aggregating this while preserving the signatures' validity
would require a different aggregation model than what we've
chosen--like what I proposed for aggregation documents. (Indentation
added for readability--in practice, that would break the signature,
right?):
<aggregation>
  [aggregation metadata]
  <feed>
    <head>
      [feed metadata]
      <Signature xmlns="..." />
    </head>
    <entry>
      [entry metadata and content]
      <feedsig>...</feedsig>
      <Signature xmlns="..." />
    </entry>
  </feed>
  <feed>
    [etc.]
  </feed>
  [etc.]
</aggregation>
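As an added illustration that is not part of the original thread (not James's, Bob's or the poster's code): a small Python sketch of the feedsig chaining in the pseudofeed above, and of the question whether re-indenting breaks the signature. Everything here is constructed for the example: HMAC-SHA256 over a hand-rolled canonical form stands in for XML-DSig plus Exclusive C14N (so the verifier shares the key instead of holding a public key), the Signature and feedsig elements are unnamespaced, and the sample feed and key are made up. The point it shows is that an entry carrying a copy of the head's signature can be verified on its own, after an aggregator has re-serialized it, as long as the signature is computed over a canonical form rather than over the raw bytes.

```python
"""Toy model of the 'feedsig' scheme: sign the feed head, copy that signature
into each entry, sign each entry over its content plus the copy, then verify
entries stand-alone (as an aggregator would have to).

HMAC-SHA256 over a minimal canonical form is a stand-in for XML-DSig; the key,
element names and sample feed are all constructed for this example.
"""
import hashlib
import hmac
import xml.etree.ElementTree as ET

KEY = b"constructed-demo-key"  # stand-in for the publisher's signing key

# Constructed sample feed in the shape of the pseudofeed (no signatures yet).
SAMPLE_FEED = """<feed>
<head><title>Example feed</title><author>alice</author></head>
<entry><id>urn:example:1</id><content>first</content></entry>
<entry><id>urn:example:2</id><content>second</content></entry>
</feed>"""


def canonical(elem, skip=("Signature",)):
    """Deterministic serialization: attributes sorted, whitespace-only text
    dropped, and Signature children omitted so a signature never covers itself.
    A real implementation would use Exclusive XML Canonicalization here."""
    if elem.tag in skip:
        return ""
    attrs = "".join(f' {k}="{v}"' for k, v in sorted(elem.attrib.items()))
    text = (elem.text or "").strip()
    inner = "".join(canonical(child, skip) for child in elem)
    return f"<{elem.tag}{attrs}>{text}{inner}</{elem.tag}>"


def sig(data: str) -> str:
    """Signature stand-in: HMAC-SHA256 over the canonical text."""
    return hmac.new(KEY, data.encode(), hashlib.sha256).hexdigest()


def sign_feed(feed_xml: str) -> str:
    """Sign the head, then give every entry a feedsig copy and its own signature."""
    feed = ET.fromstring(feed_xml)
    head = feed.find("head")
    head_sig = sig(canonical(head))
    ET.SubElement(head, "Signature").text = head_sig
    for entry in feed.findall("entry"):
        # The copy of the head signature is part of what the entry signature covers,
        # so the entry is verifiably bound to the signed feed metadata.
        ET.SubElement(entry, "feedsig").text = head_sig
        ET.SubElement(entry, "Signature").text = sig(canonical(entry))
    return ET.tostring(feed, encoding="unicode")


def verify_entry(entry_xml: str, head_xml: str) -> bool:
    """Verify a stand-alone entry against a signed head; both may have been
    re-serialized or re-indented by whoever aggregated them."""
    entry = ET.fromstring(entry_xml)
    head = ET.fromstring(head_xml)
    head_sig_el = head.find("Signature")
    entry_sig_el = entry.find("Signature")
    feedsig_el = entry.find("feedsig")
    if head_sig_el is None or entry_sig_el is None or feedsig_el is None:
        return False
    head_ok = hmac.compare_digest(sig(canonical(head)), head_sig_el.text or "")
    link_ok = hmac.compare_digest(feedsig_el.text or "", head_sig_el.text or "")
    entry_ok = hmac.compare_digest(sig(canonical(entry)), entry_sig_el.text or "")
    return head_ok and link_ok and entry_ok


def reindent(xml_str: str) -> str:
    """Pretty-print the way an aggregator or a human might (Python 3.9+ ET.indent)."""
    elem = ET.fromstring(xml_str)
    ET.indent(elem)
    return ET.tostring(elem, encoding="unicode")


def demo() -> dict:
    """Sign the sample feed, pull one entry out, and check it under several conditions."""
    signed = sign_feed(SAMPLE_FEED)
    feed = ET.fromstring(signed)
    head_xml = ET.tostring(feed.find("head"), encoding="unicode")
    entry_xml = ET.tostring(feed.find("entry"), encoding="unicode")
    raw_digest = hashlib.sha256(entry_xml.encode()).digest()
    indented_digest = hashlib.sha256(reindent(entry_xml).encode()).digest()
    return {
        "as_published": verify_entry(entry_xml, head_xml),
        "re_indented": verify_entry(reindent(entry_xml), reindent(head_xml)),
        "raw_bytes_survive_indent": raw_digest == indented_digest,
        "tampered_content": verify_entry(entry_xml.replace("first", "forged"), head_xml),
        "wrong_head": verify_entry(entry_xml, head_xml.replace("alice", "mallory")),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Re-indenting changes the raw bytes (so a signature over bytes would fail) but not the canonical form, which is exactly why a canonicalization step is needed before either the entry or the head can be carried into an aggregation document. A forged entry body or a substituted head both fail, the latter because the feedsig copy no longer matches any valid head signature.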