hack of VOEvent to include W3C signature
Rob Seaman
seaman at noao.edu
Tue Jan 10 21:19:39 PST 2006
Howdy,
> One aspect of reliable messaging is ensuring the packet comes via
> the route you think it should so if a user subscribes to a broker
> how can they verify that packets are coming via the broker and not
> from some phishing broker: only if the broker attaches its
> signature to the VOEvent as it relays packets from a publisher (who
> also signed the VOEvent).
Am a little unclear how VOEvent phishing would work - how would the
phish bite? Certainly unsigned packets would be subject to
man-in-the-middle attacks, if you can call a unidirectional interception and
substitution such a thing. Suppose the iamalive and acks also
provide some level of confidence against shenanigans. This does
raise the issue of guaranteed receipt again, though.
Ultimately, do we care what path the packets take to get from point A
to point B? An originating signature remains valid whether or not Al
Capone (or Truman Capote) is fiddling with the packets betwixt.
> I would like to second Steve's additions to v1.1 of the schema.
Certainly agree that we will need the ability to attach one or more
signatures. (How often these will be used in practice will be an
interesting experiment.) Not convinced the signatures will need to
retain information about their ordering (or the addition of other
tracking metadata).
Rob