How do you deliver the signature to the client. If it is through the unencrypted channel, then the signature could also be MitM'd.