Now that my invite has been processed and I've had a chance to read some of the wave content, I've noticed that one key fact seems to be missing from the whole XML vs JSON vs profobufs vs Whatever discussion. One of the key features of the federation protocol is signed deltas. Without signatures, spoofed content and spam become mostly unpreventable. With server signed deltas, spamy domains and evil content generating domains remain identifiable and blacklistable. The existing (protobufs based) message format already supports multiple signatures for a single delta, so adding a client signature would allow true identification and non-repudiation.
Any protocol (or more specifically any encoding) between client and server needs to support signatures. And, if more than one encoding needs to be supported, then the signature algorithm in use needs to remain valid regardless of encoding. This means that one would need to be able to verify an XML encoded delta that was originally signed and transmitted as JSON or protobufs. I know this is possible, but any protocol specification needs to explicitly describe how the signature is calculated such that the signature can be validated regardless of final encoding. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Wave Protocol" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/wave-protocol?hl=en -~----------~----~----~----~------~----~------~--~---
