>> If you don't say this what's to prevent someone from writing an
>> implementation that only supports Camilla-MAC hashing and calling it
I understand this concern but as a practical matter who would create a
signer knowing in advance that it would have trouble inter-operating?
That would be silly and such a signer wouldn't be in use for very long
would it? So, I agree with Tony and don't see a particular problem with
adopting Dave's language even though it doesn't have a MUST for signers.
Isn't the MUST implicit by virtue of the requirements on the verifier
coupled with the assumption that the author of the signing software
desires to create something that's useful? Am I missing the point here?
NOTE WELL: This list operates according to