Antone Roundy wrote:
On Wednesday, May 25, 2005, at 06:14 PM, James M Snell wrote:

Ignoring the overhead that it adds for now, isn't this the kind of
situation digital signatures are designed to handle?

Sure, but how many publishers are going to be using digital signatures
in the near term (and more importantly, how many aren't?), and who
knows how many consuming applications will support them. Until
digital signatures start providing more help with this kind of thing,
let's provide a warning to developers so that they can at least
consider what they might do to safeguard the quality of their users'
experience.

Oh, absolutely, I was simply making an observation and thinking a bit
about whether or not it would make sense to have some language as part
of the warning that mentioned the potential application of digital
signatures to solving this problem. I dunno, just thinking out loud
here a bit.

And I just thought of another thing (I don't know how digital
signatures work in this case, so I may be missing something, but I'm
pretty sure the following is at least partially valid): if I get an
entry with a valid digital signature and one with no signature (both
with the same atom:id, of course), then what? Do I always accept the
one with the signature? If so, then DOSing/spoofing unsigned entries
will be even easier, because all you'd have to do is sign your fake
entry. So even in that case, some extra checking might have to be
done before concluding that the entries are duplicates, and that the
unsigned one is the one that's disposable.

Well, it comes down to whether the signature is trusted by the reader or
not. If the signature in the entry is not from the trusted, expected
source, the user should be able to reject it in favor of the unsigned
entry.

Without any kind of cryptographic guarantee of this sort, the best
you could do is make an educated guess.

Wouldn't that be better than nothing until digital signatures become
more ubiquitous?

Absolutely... see my first response above ;-)

Would it make sense to include some language along these lines?

Sure.
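
The duplicate-handling rule discussed in this message, sketched as an added example that is not part of the original thread and not code from any Atom implementation. It assumes signature verification happens elsewhere, so `signer` holds the fingerprint of a key whose signature already verified; the `trusted` store, the feed URLs and the fingerprints are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Entry:
    atom_id: str
    feed_url: str                 # feed the reader fetched this copy from
    signer: Optional[str] = None  # fingerprint of the verified signing key, else None


def resolve_duplicate(existing: Entry, incoming: Entry, trusted: dict) -> str:
    """Decide what to do with `incoming` when it shares an atom:id with `existing`.

    `trusted` is a hypothetical reader-side store mapping a feed URL to the
    signer fingerprint the reader expects for entries originating there.
    Returns "replace", "keep_existing" or "flag" (keep both, ask the user).
    """
    if existing.atom_id != incoming.atom_id:
        raise ValueError("not duplicates: atom:id differs")

    expected = trusted.get(existing.feed_url)
    if expected is not None:
        if incoming.signer == expected:
            return "replace"            # signed by the expected source
        if incoming.signer is not None or existing.signer == expected:
            # Either a valid signature from somebody else, or an unsigned copy
            # trying to displace a trusted signed one: neither wins.
            return "keep_existing"

    # No usable signature information: fall back to an educated guess on origin.
    return "replace" if incoming.feed_url == existing.feed_url else "flag"


# Constructed sample data
PINNED = {"https://example.org/feed": "FP-PUBLISHER"}
ORIGINAL = Entry("tag:example.org,2005:1", "https://example.org/feed")
SPOOF = Entry("tag:example.org,2005:1", "https://other.example/feed", "FP-SOMEONE-ELSE")
UPDATE = Entry("tag:example.org,2005:1", "https://aggregator.example/feed", "FP-PUBLISHER")

if __name__ == "__main__":
    for name, entry in (("spoof", SPOOF), ("update", UPDATE)):
        print(name, "->", resolve_duplicate(ORIGINAL, entry, PINNED))
```

With no pinned signer for the feed, a signature carries no weight at all and the decision rests on where each copy was fetched from.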