Monday, April 16, 2012 7:14 PM
We have tried the following
Application A -> Create a thing and signed with the valid certificate
Application B -> retrieve the thing by using a filter(assume application b developer forgot to specify the signature filter)
Application B -> update the thing
No exception is thrown, and the signature is gone.
If application B can easily override the signature, I don't see what is the point of digital sign the thing since there is no strict enforcement.
Monday, April 16, 2012 11:21 PMOwner
Signatures guarantee Thing integrity. If the signature is valid, the Thing has not been tampered with or altered. Updating a Thing alters it thereby invalidating the signature. The signature cannot be preserved in this case.
- Marked As Answer by g7steve Wednesday, April 18, 2012 7:35 PM
Sunday, June 10, 2012 3:52 PMThank's !
- Proposed As Answer by vietnamnew Sunday, June 10, 2012 3:53 PM