Choice of algorithm


HMAC: 160 or 128 bits, or less
very simple implementation

DSA: 320 bits plus framing
other pubkey sigs even bigger
available code not easy to use

Pubkey sigs verifiable by recipients
expiry time must be explicit
limited replay defences