> Regardless of where the MIME headers are duplicated -- whether the
> manifest or in the signature element as an object -- the point is it
> needs to be required, not optional.
absent other protection guarantees.
--
Zolera Systems, Securing web services (XML, SOAP, Signatures,
Encryption)
http://www.zolera.com