In <19990317090043(_dot_)36237(_at_)main(_dot_)templetons(_dot_)com> Brad
Templeton <brad(_at_)templetons(_dot_)com> writes:
On Wed, Mar 17, 1999 at 11:54:40AM -0500,
Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:
There is no need to "sign" a "signed" header. Can you tell me why you
would want to do this? A "signed" header (and any certificate) is
verifiable on its own when paired with the signed headers and body. I
No, the standard proposed a complex mechanism of self-signing parts of
the signed header (a canonicalized expansion of the header list, and
all the other parts except the signature)
There is an example in my Draft of a Signed header that is itself signed.
I think it was a realistic case, though I agree it will not be common.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Email: chl(_at_)clw(_dot_)cs(_dot_)man(_dot_)ac(_dot_)uk Web:
http://www.cs.man.ac.uk/~chl
Voice/Fax: +44 161 437 4506 Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5