No subject

ols in the past, Signing XML as XML rather than as opaque data is a pain in =
the neck and should be avoided. XML encryption is easier precisely because y=
ou have to encrypt the XML as data, not via some flexible ruleset against so=
me mungable object structure. <BR>
<BR>
</SPAN></FONT></FONT><BLOCKQUOTE><FONT SIZE=3D"4"><FONT FACE=3D"Arial"><SPAN ST=
YLE=3D'font-size:11pt'><BR>
It might well be. I haven't heard much interest in digital signatures<BR>
for IM (heck, even email signing is not very popular, for example I'm<BR>
one of the only people posting to this list who signs his email with an<BR>
X.509 signature). I have heard some interest in end-to-end encryption,<BR>
but it's difficult even to get people interested in encryption.<BR>
</SPAN></FONT></FONT></BLOCKQUOTE><FONT SIZE=3D"4"><FONT FACE=3D"Arial"><SPAN S=
TYLE=3D'font-size:11pt'><BR>
The security systems are themselves a network effect; I can't really care u=
ntil I'm sure its available for everyone I communicate with. For the types o=
f communication I typically have over IM, I would rather send the message un=
signed/unencrypted than not send it. If communications were encrypted, I wou=
ld probably put more high-value communications over IM. <BR>
<BR>
Signatures have little value for me on their own however. In an IM context,=
 if a message has enough value to be signed to prevent forgery, it better al=
so be encrypted to prevent someone else from reading it. <BR>
<BR>
-DW<BR>
<BR>
</SPAN></FONT></FONT></BLOCKQUOTE>
</BODY>
</HTML>


--B_3290453646_260127--