On 6/2/09 2:59 PM, Dirk Meyer wrote:
> Peter Saint-Andre wrote:
>> On 6/2/09 1:56 PM, Dave Cridland wrote:
>>
>>> it's formatting, since ideally you want to
>>> sign everything (including <iq/>) in a way that lets those signatures be
>>> ignorable to naïve actors, which is going to be a tough one to solve.
>>> (Easy for messages, but impossible for <iq/> as far as I can see.)
>> Some folks who said they were using XMLdsig for XMPP were lobbying me to
>> relax the one-payload rule for IQs so that they could include the
>> signature along with the regular payload.
>
> IMHO XMLdsig is very scary. That is one reason why I changed XEP-0189 to
> use binary format. I have no idea how to support signatures only, but
> encrypt and sign can work without XMLdsig. Just take the stanza, encrypt
> it, and sign the binary data. But I admit, I'm not up-to-date what
> XMLdsig is doing.

I agree about XMLdsig. Any technology that has needed 3 or 4 different
canonicalization transforms is scary to me. :)

Peter

-- 
Peter Saint-Andre
https://stpeter.im/
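
The trade-off discussed in this thread, as an added example that is not part of the original messages or of any XEP: a signature over XML text breaks when the stanza is re-serialised unless both sides canonicalize first, while a signature over opaque bytes needs no canonicalization. Assumptions: the stanzas, key and function names are constructed for illustration, HMAC-SHA256 stands in for a real signature, and the encryption step is omitted.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

KEY = b"constructed-demo-key"  # assumption: HMAC stands in for a real signature

# Constructed stanza exactly as the sender serialised it.
SENT = b'<iq type="get" id="a1" to="juliet@example.com"><ping xmlns="urn:xmpp:ping"/></iq>'
# Same stanza after a hypothetical intermediary re-serialised it: attribute
# order, quote style and empty-element form differ, the meaning does not.
RELAYED = b"<iq to='juliet@example.com' id='a1' type='get'><ping xmlns='urn:xmpp:ping'></ping></iq>"

def mac(data: bytes) -> str:
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

def sign_raw_xml(xml: bytes) -> str:
    """Sign the XML bytes exactly as serialised, with no canonicalization."""
    return mac(xml)

def sign_canonical_xml(xml: bytes) -> str:
    """Canonicalize (C14N 2.0) first, the step XML signatures depend on."""
    return mac(ET.canonicalize(xml.decode()).encode())

def wrap_binary(xml: bytes) -> dict:
    """Treat the stanza as opaque bytes: sign them and carry them as base64."""
    return {"data": base64.b64encode(xml).decode(), "sig": mac(xml)}

def verify_binary(envelope: dict) -> bytes:
    """Check the signature over the decoded bytes; parse XML only afterwards."""
    data = base64.b64decode(envelope["data"])
    if not hmac.compare_digest(mac(data), envelope["sig"]):
        raise ValueError("signature mismatch")
    return data

if __name__ == "__main__":
    print("raw XML signatures match:      ", sign_raw_xml(SENT) == sign_raw_xml(RELAYED))
    print("canonical XML signatures match:", sign_canonical_xml(SENT) == sign_canonical_xml(RELAYED))
    print("binary envelope verifies:      ", verify_binary(wrap_binary(SENT)) == SENT)
```

The binary envelope is only readable by a receiver that understands it, which is the "ignorable to naïve actors" problem raised earlier in the thread.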
