Rich Salz <[EMAIL PROTECTED]> writes: >I think signatures are increasingly being used for technical reasons, not >legal. That is, sign and verify just to prove that all the layers of >middleware and Internet and general bugaboos didn't screw with it.
That cuts both ways though. Since so many systems *do* screw with data (in insignificant ways, e.g. stripping trailing blanks), anyone who does massage data in such a way that any trivial change will be detected is going to be inundated with false positives. Just ask any OpenPGP implementor about handling text canonicalisation. Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]