>>>>> "Stephen" == Stephen Farrell <[email protected]> writes:
Stephen> On 10/03/2012 02:58 PM, Sam Hartman wrote:
>> So, I'm a bit confused why we're discussing whether hop-by-hop
>> integrity is good enough.
Stephen> I guess its at minimum a reaction to ignoring a signature.
Stephen> It may well be ok, but I think it needs justifying, if the
Stephen> WG go this way.
I'd like to push back on this reaction in the strongest possible terms.
The idea that it's bad to ignore a signature, but it would be acceptable
to not have a signature at all decreases the value of signatures. It
means that by adding a signature we decrease interoperability. However
if the RP would accept an unsigned object, we gain no security
advantage.
I'd like to ask you to think about whether that reaction--the negative
response to ignoring a signature--is ever appropriate in a case where
the signature is optional. If so I'd like to understand why.
--Sam
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
