W3C home > Mailing lists > Public > www-html@w3.org > September 1999

Re: signature tag

From: George Lund <george@lundboox.demon.co.uk>
Date: Wed, 8 Sep 1999 13:16:28 -0400 (EDT)
Message-ID: <ZhUfjCAyfp13IAVS@lundboox.demon.co.uk>
To: www-html@w3.org

>>>          I suggest add a tag to html, then we can add a signature to 
>>>          an HTML file.

I don't see how this could possibly work.

When you sign a piece of data, the data itself must be used to form part
of the signature. The signature is "unique to both the contents of the
message and your private key" (from the PGP help file).

Therefore the signature itself must be separate to the document. If the
signature was part of the document, it would have to create a key based
in part upon itself, which would be circular and very impossible.

If you want to sign an HTML document the only way would be to create the
signature as a separate file, and then link to it e.g. via the Link HTTP
header (which doesn't exist in HTTP 1.1. for reasons I don't know - it
would be very useful were it to be implemented).

Of course I may have picked up the wrong end of various sticks and my
argument could therefore be total doo-doo.

-- 
George Lund
Received on Thursday, 9 September 1999 04:28:49 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 March 2012 18:15:39 GMT