This sounds very good, but what about detached signatures? A detached
signature doesn't carry the text with it, so wouldn't the text
(presumably delivered via http or ftp, which can change line endings)
need to be re-canonicalized for signature verification? To a certain
degree this applies to a clearsigned document as well.
Email delivery of the text is a whole other can of worms, though it
could be argued that if it's email, it should be PGP/MIME. Even so,
canonical text should be able to handle the most common sorts of email
butchery without PGP/MIME.
David
--
David Shaw | Technical Lead
<dshaw(_at_)akamai(_dot_)com> | Enterprise Content Delivery
617-250-3028 | Akamai Technologies
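The line-ending problem raised in the message above, as an added example that is not part of the original message: it compares the digest input of a detached signature over text that arrives with different line endings, with and without re-canonicalizing to CRLF on the verifying side. The sample text, the function names, and the optional trailing-whitespace stripping are assumptions for illustration, and only the document portion of the hash is modelled (a real OpenPGP signature also hashes a signature trailer).

```python
import hashlib
import re

def canonicalize(data: bytes, strip_trailing_ws: bool = False) -> bytes:
    """Normalize every line ending (CRLF, lone CR, lone LF) to CRLF.

    strip_trailing_ws is an assumption modelling mail-style damage:
    it removes trailing spaces and tabs from each line before hashing.
    """
    lines = re.split(rb"\r\n|\r|\n", data)
    if strip_trailing_ws:
        lines = [ln.rstrip(b" \t") for ln in lines]
    return b"\r\n".join(lines)

def digest(data: bytes, text_mode: bool, strip_trailing_ws: bool = False) -> str:
    """Digest of the document as the verifier would feed it to the hash."""
    if text_mode:
        data = canonicalize(data, strip_trailing_ws)
    return hashlib.sha256(data).hexdigest()

# Constructed sample: the text as the signer had it (LF line endings).
SIGNED = b"release 1.0\nsha256 of tarball follows\n"

# Constructed sample: the same text after transfers that rewrite line endings.
DELIVERIES = {
    "unix": SIGNED,
    "dos": SIGNED.replace(b"\n", b"\r\n"),
    "oldmac": SIGNED.replace(b"\n", b"\r"),
}

def survives(text_mode: bool, strip: bool = False, deliveries=DELIVERIES) -> bool:
    """True when every delivered copy hashes to the same value."""
    return len({digest(d, text_mode, strip) for d in deliveries.values()}) == 1

# Constructed sample: a mail gateway appended trailing whitespace.
MAILED = b"release 1.0 \r\nsha256 of tarball follows\t\r\n"

if __name__ == "__main__":
    print("binary-mode hash stable across deliveries:", survives(False))
    print("text-mode hash stable across deliveries:  ", survives(True))
    print("mailed copy matches with whitespace strip:",
          digest(MAILED, True, True) == digest(SIGNED, True, True))
```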