Paul Hoffman wrote:
> I'm with Tim on the -1. Bob's suggestion and explanation make
> good sense for the implementer's guide, but not for the base spec.
> There is not an interoperability issue that I can see for entries
> without sources being signed.
Could we at least put in a sentence that states that including a
source element in signed entries is recommended? The implementer's guide
would then expand on that with more detail, discussion, etc. Note: I am not
suggesting use of the "should" word, although I would like it.
We can debate what it means to have an "interoperability" issue,
however, my personal feeling is that if systems are forced to break and
discard signatures in order to perform usual and customary processing on
entries that falls very close to the realm of interoperability if not within
it. Deferring this issue until the implementer's guide is written is likely
to defer it beyond the point at which common practice is established. The
result is likely to be that intermediaries and aggregators end up discarding
most signatures that appear in source feeds.
bob wyman
