Ben Laurie responding to me:
> > The only reason to sign something is if you want to provide offline
> > verification of authenticity, or non-repudiation. I can't think of any
> > scenarios in which I'd want to verify the authenticity of a URI
> > offline. It's so much easier to just click on it.
>
> Unless you have a reverse mapping embedded in the response to the URL
> fetch, clicking on it doesn't verify its correctness, only its
> existence. i.e. what I'm saying is you need a defence against mallet
> finding that perverting URI mapping uri:A -> url:B to map uri:A -> url:C
> instead, where url:C is a working URL, has a useful effect.

How does mallet effect this perversion?
Tyler