(jumping in with little context...) On 10/02/2012 02:34 PM, Sam Hartman wrote: > I think that we need to have a mandatory-to-implement policy for > signature handling to guarantee interoperability. I think that > mandatory-to-implement policy should be ignore the signature in all its > bulk.
Defining signature "handling" as ignoring the signature would seem very insecure, no? How'd you justify that? It'd seem to call for a lot of security considerations text at minimum. S. > > I'm fine with implementations having other policies. > _______________________________________________ > abfab mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/abfab > > _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
