--On July 5, 2005 9:53:42 AM -0700 Tim Bray <[EMAIL PROTECTED]> wrote: >>> >> Bob can clarify exactly what he means but from my perspective it >> comes down to an aggregation problem. If a signature is generated >> over an entry that does not contain an author element or a source >> element, that entry cannot be re-enveloped into an aggregate feed >> that does not contain a top level author element without breaking >> the signature > > Well, yes. Anyone who understands digsig, even someone such as myself with > only a surface knowledge, can see this. You can't change a signed object > without breaking the sig, that's the point. If I want to sign an entry and > also want to make it available for aggregation then yes, I'd better put in > an atom:source. But this is inherent in the basic definition of digsig; not > something we need to call out. -Tim
But it is an interoperability consequence of the Atom format and cascaded values. It would be worth commenting that signed entries need to be standalone in order to be aggregated in another feed and keep their signature. wunder -- Walter Underwood Principal Architect, Verity
