It's true that the typical consumer user will not need to sign deltas. But, in the business realm, signed content becomes much more important. The protocol is going to need to support signed content as well as encrypted content at some point, or it will fail to become a true e-mail replacement.
And, I agree that all signatures need to be verified, at least in the server, and probably in any non-web based client. Since the web based client will be tied to a specific server, it seems reasonable to let the server handle verification. If you can't trust the server to verify the deltas, then you probably shouldn't be using that server. On Fri, Oct 9, 2009 at 12:23 PM, Michael K <[email protected]> wrote: > > I wouldn't worry too much about mobile devices. They're evolving very > fast. Think a few years down the road. > > In any case, signing on the client can be problematic for a different > reason, namely that obtaining the certificate you need for signing is > not a simple process at all. It will be too complicated for the > majority of users. That has been discussed in the spam threads. > > Frankly, I'm not so sure it's really necessary. As long as the server > is trusted (has a valid certificate etc), and the user is > authenticated by that server, it should be enough. What is needed > however, is a way for the client to get all the servers' signatures > for a given delta and verify them. This needs to be supported by > whatever C/S protocol that will be developed. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Wave Protocol" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/wave-protocol?hl=en -~----------~----~----~----~------~----~------~--~---
