> Ralph Hartley wrote:
> > Ok, then there is no need for any signed SLS entries at all. An SLS
> > isn't trusted to check them anyway. To prevent DOS attack
> > masses of bad entries, an SLS MAY check any SLS entry it receives in
> > the same way the client does.
Confused again. I am going to have to stop answering mail in the afternoons. ;)
The SLS entry is signed because the particular scheme may not be an authenticated scheme. Although this is being built for E and Droplets to use, the most common use will probably be unauthenticated HTTP. The more uses there are for the software, the more likely it is that we will build something that will stick.