On 02/13/2014 08:09 PM, Matthew Miller wrote: > It's not trivial, but it doesn't require either of those things. I think a > signing server with less security than Sigul would be adequate, or else a > Sigul instance with more relaxed policies. -1 Rather no signing at all than less secure signing. Mirek