adlnet / xAPI-Spec

The xAPI Specification describes communication about learner activity and experiences between technologies.
https://adlnet.gov/projects/xapi/

Clarify meaning around signed statements #951

Closed stevenvergenz closed 8 years ago

stevenvergenz commented 8 years ago

With regards to signed statements, the spec currently reads:

The JWS signature MUST have a payload of a valid JSON serialization of the complete Statement, minus signature.

Given that the signature isn't part of the statement, but an attachment, this wording is a little strange. Really it should be "minus the attachments property" as shown in the example, right?

brianjmiller commented 8 years ago

No, as the attachments property may have other attachments.

stevenvergenz commented 8 years ago

Ah, true. But the spec still needs to be clearer about what should be omitted from the sig payload.

garemoko commented 8 years ago

Changing to "minus the signature attachment".

To be fair though - this is hard to get wrong because it's not technically possible to sign the statement after the signature attachment is added. (You have to sign the statement to create the attachment).

stevenvergenz commented 8 years ago

Maybe I just missed it, but isn't the word "attachment" used to refer to both the metadata block in the attachments property and the attachment binary itself? I'd change it to "minus the signature attachment metadata in the attachments section"

garemoko commented 8 years ago

@stevenvergenz well, it also doesn't include the signed statement attachment binary, though that's not really part of the statement anyway.

garemoko commented 8 years ago

From call July 26: Revert back to "before the signature was added." as 1.0.2

garemoko commented 8 years ago

@stevenvergenz the PR is merged, are you OK to close this?
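
The payload rule discussed in this thread, as an added example that is not part of the issue or of the spec's own code: the JWS payload is the Statement as it stood before the signature was added, so other attachments entries stay in the payload and only the signature entry is absent. The sample Statement, the `stub_sign` placeholder signer and the plain JSON-equality comparison are assumptions made for illustration; a real implementation signs with an RSA key and also verifies the signature itself.

```python
import base64, copy, hashlib, json

SIG_USAGE = "http://adlnet.gov/expapi/attachments/signature"

# Constructed sample Statement that already carries one non-signature attachment.
STATEMENT = {
    "actor": {"mbox": "mailto:learner@example.com"},
    "verb": {"id": "http://adlnet.gov/expapi/verbs/completed"},
    "object": {"id": "http://example.com/activities/course-1"},
    "attachments": [{"usageType": "http://example.com/attachments/certificate",
                     "display": {"en-US": "Certificate"},
                     "contentType": "application/pdf",
                     "length": 4, "sha2": hashlib.sha256(b"%PDF").hexdigest()}],
}

def stub_sign(signing_input: bytes) -> bytes:
    # Placeholder (assumption): a real signer returns an RS256 signature here.
    return b"constructed-placeholder-signature"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_statement(statement: dict, sign) -> tuple[dict, bytes]:
    """Return (Statement with the signature entry appended, compact JWS)."""
    # Payload: the Statement before the signature is added; existing
    # attachments entries are part of what gets signed.
    payload = json.dumps(statement, separators=(",", ":")).encode()
    header = json.dumps({"alg": "RS256"}, separators=(",", ":")).encode()
    signing_input = f"{b64url(header)}.{b64url(payload)}".encode()
    jws = signing_input + b"." + b64url(sign(signing_input)).encode()
    signed = copy.deepcopy(statement)
    signed.setdefault("attachments", []).append({
        "usageType": SIG_USAGE, "display": {"en-US": "Signature"},
        "contentType": "application/octet-stream",
        "length": len(jws), "sha2": hashlib.sha256(jws).hexdigest()})
    return signed, jws

def payload_matches(received: dict, jws: bytes) -> bool:
    """True if the JWS payload equals the received Statement minus the
    signature attachment entry (other attachments entries are kept)."""
    stripped = copy.deepcopy(received)
    stripped["attachments"] = [a for a in stripped.get("attachments", [])
                               if a.get("usageType") != SIG_USAGE]
    payload = json.loads(b64url_decode(jws.split(b".")[1].decode()))
    payload.setdefault("attachments", [])  # treat a missing list as empty
    return payload == stripped
```
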