At 10:02 PM -0400 4/26/05, Bob Wyman wrote:
Paul Hoffman wrote:
The intermediary can, however, add a signed extension that
says "this message was earlier signed by Xyzzy, and we verified that
signature before we changed things."
Forgive me if I'm missing something obvious... While I unde
Paul Hoffman wrote:
> The intermediary can, however, add a signed extension that
> says "this message was earlier signed by Xyzzy, and we verified that
> signature before we changed things."
Forgive me if I'm missing something obvious... While I understand
that such a statement could be
At 2:54 AM -0400 4/25/05, Bob Wyman wrote:
One other *significant* limitation in Atom's support for signatures
is that there is no way for an intermediary to add to or otherwise modify an
Atom entry without breaking the signature.
That's a purposeful design property of digital signatures. T
Bob Wyman wrote:
One other *significant* limitation in Atom's support for signatures
is that there is no way for an intermediary to add to or otherwise modify an
Atom entry without breaking the signature.
If people want to send out signed entries with an XPath filter[0] that
gives intermed
Dan Sandler wrote:
> This essentially means that intermediate entities which parse and
> re-emit Atom feed data (such as aggregators or caches) must remember
> "semantically meaningless" details, such as the order of elements, in
> order to re-construct the Atom feed XML in a way that preserves
On Apr 22, 2005, at 3:28 PM, Paul Hoffman wrote:
They need to pay attention to much more than just the order of the
entries to make sure the signature is valid. Every bit, and every
bit's order, counts.
Actually, not really. I think XML DSig specifies canonical XML
(right?), so
and
Dan Sandler wrote:
This essentially means that intermediate entities which parse and
re-emit Atom feed data (such as aggregators or caches) must remember
"semantically meaningless" details, such as the order of elements, in
order to re-construct the Atom feed XML in a way that preserves
signatu
Tim Bray wrote:
On Apr 22, 2005, at 3:28 PM, Paul Hoffman wrote:
They need to pay attention to much more than just the order of the
entries to make sure the signature is valid. Every bit, and every
bit's order, counts.
Actually, not really. I think XML DSig specifies canonical XML
(