RE: DSig (was: Comments on atompub-format-08 (Modified by Tim Bray))

2005-04-26 Thread Paul Hoffman
At 10:02 PM -0400 4/26/05, Bob Wyman wrote: Paul Hoffman wrote: The intermediary can, however, add a signed extension that says "this message was earlier signed by Xyzzy, and we verified that signature before we changed things." Forgive me if I'm missing something obvious... While I unde

RE: DSig (was: Comments on atompub-format-08 (Modified by Tim Bray))

2005-04-26 Thread Bob Wyman
Paul Hoffman wrote:
> The intermediary can, however, add a signed extension that says "this message was earlier signed by Xyzzy, and we verified that signature before we changed things."
Forgive me if I'm missing something obvious... While I understand that such a statement could be

RE: DSig (was: Comments on atompub-format-08 (Modified by Tim Bray))

2005-04-25 Thread Paul Hoffman
At 2:54 AM -0400 4/25/05, Bob Wyman wrote: One other *significant* limitation in Atom's support for signatures is that there is no way for an intermediary to add to or otherwise modify an Atom entry without breaking the signature. That's a purposeful design property of digital signatures. T

Re: DSig (was: Comments on atompub-format-08 (Modified by Tim Bray))

2005-04-25 Thread Robert Sayre
Bob Wyman wrote: One other *significant* limitation in Atom's support for signatures is that there is no way for an intermediary to add to or otherwise modify an Atom entry without breaking the signature. If people want to send out signed entries with an XPath filter[0] that gives intermed

RE: DSig (was: Comments on atompub-format-08 (Modified by Tim Bray))

2005-04-25 Thread Bob Wyman
Dan Sandler wrote:
> This essentially means that intermediate entities which parse and re-emit Atom feed data (such as aggregators or caches) must remember "semantically meaningless" details, such as the order of elements, in order to re-construct the Atom feed XML in a way that preserves

Re: DSig (was: Comments on atompub-format-08 (Modified by Tim Bray))

2005-04-22 Thread Tim Bray
On Apr 22, 2005, at 3:28 PM, Paul Hoffman wrote: They need to pay attention to much more than just the order of the entries to make sure the signature is valid. Every bit, and every bit's order, counts. Actually, not really. I think XML DSig specifies canonical XML (right?), so and

Re: DSig (was: Comments on atompub-format-08 (Modified by Tim Bray))

2005-04-22 Thread Antone Roundy
Dan Sandler wrote: This essentially means that intermediate entities which parse and re-emit Atom feed data (such as aggregators or caches) must remember "semantically meaningless" details, such as the order of elements, in order to re-construct the Atom feed XML in a way that preserves signatu

Re: DSig

2005-04-22 Thread Robert Sayre
Tim Bray wrote: On Apr 22, 2005, at 3:28 PM, Paul Hoffman wrote: They need to pay attention to much more than just the order of the entries to make sure the signature is valid. Every bit, and every bit's order, counts. Actually, not really. I think XML DSig specifies canonical XML (