Closed stevenvergenz closed 8 years ago
No, as the attachments
property may have other attachments.
Ah, true. but the spec still needs to be clearer about what should be omitted from the sig payload.
Changing to "minus the signature attachment".
To be fair though - this is hard to get wrong because it's not technically possible to sign the statement after the signature attachment is added. (You have to sign the statement to create the attachment).
Maybe I just missed it, but isn't the word "attachment" used to refer to both the metadata block in the attachments
property and the attachment binary itself? I'd change it to "minus the signature attachment metadata in the attachments
section"
@stevenvergenz well, it also doesn't include the signed statement attachment binary, though that's not really part of the statement anyway.
From call July 26: Revert back to "before the signature was added." as 1.0.2
@stevenvergenz the PR is merged, are you OK to close this?
With regards to signed statements, the spec currently reads:
Given that the signature isn't part of the statement, but an attachment, this wording is a little strange. Really it should be "minus the
attachments
property" as shown in the example, right?