@raphael what do you mean by "self authenticating"?

@evan

> You can't use abbreviated versions of the object.

Why not? I would expect the signature in a document only to authenticate the document, not as an intrument to validated the objects referenced in the document.

@mariusor

Depends on your definition of "malicious", but there are servers offering "community migration" that works by taking all the objects from one actor and rewriting as their own and changing the to/audience fields. Somehow this rubs me the wrong way.

@mariusor @evan

identifying != authenticating.

Anyone can generate a document that looks like it came from your server, but if the document has a signature embedded in the document, we can verify its authenticity just by having your public key.

@evan

I mean "using something like Linked Data signatures, so that anyone can verify the authenticity of the message even if it server is not around anymore"