Where I see a problem we cannot dismiss with a warning is when SOAP nodes add/remove items in transit -- things which have an actor. If an element (say AckRequested or SyncReply) is added with an extra blank line, or if at the intermediary an extra blank line is removed with the element, this will invalidate the signature. I agree with Sanjay, it is not reasonable to expect intermediaries to add/remove elements without disturbing the signature. His solution fixes this potential problem. I also agree with Doug about the cost of adding a transform, but this looks necessary. We could probably solve the problem with a warning if we did not allow anything targeted to Next or NextMSH. Regards, David.