At 4:20 AM +0200 6/20/07, A. Pagaltzis wrote:
Hi Paul, * Paul Hoffman <phoffman@xxxxxxx> [2007-06-20 02:50]:At 1:43 AM +0200 6/20/07, A. Pagaltzis wrote: >* Paul Hoffman <phoffman@xxxxxxx> [2007-06-19 21:40]: >> The method for a server to indicate to a third party whether >> or not the client signed an Entry Document is by including >> the client's signature in the published entry, even though >> that signature is likely to be invalid. >Encouraging servers Stop right there. Nothing in the quoted text *encourages* anyone. We said that there was a method, which is completely true.No, it is entirely false, because cryptographically, a consumer has no way whatsoever to know whether the signature was originally valid and where that once supposedly valid signature originally came from.
It is not "entirely false", it is still true that this is a method for saying it was signed. However, you are completely correct that it is not a method for saying that it was a valid signature. That is quite relevant.
A consumer cannot assume *anything* about an entry with an invalid signature other than that it is an entry with an invalid signature.
Fully agree. And I can see how even talking about leaving invalid signatures in can be considered an encouragement, even if it is a light encouragement.
Given this, I propose changing the paragraph to:A server is allowed to strip client-applied signatures, to strip client-applied signatures and then re-sign with its own public key, and to oversign an entry with its own public key. The meaning to a third party of a signature applied by a server is the same as a signature from anyone, as described in [RFC4287]. It is recommended that a server that is aware that it has changed any part of an Entry Document that was signed by the client should strip that signature before publishing the entry in order to prevent third parties from trying to interpret a signature that cannot be validated.