On 10/02/2012 04:38 PM, Jim Schaad wrote: > But one of the current precepts of ABFAB is that you are not going to be in > a single trust anchor world, the TA of the signer may not be known or > trusted by the acceptor. This means that you probably cannot validate the > signature even if it is present.
Sure. That says you have a hard problem. But not that hop-by-hop integrity is sufficient, nor that "ignore the signature" is the right MUST implement. S. _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
