On Tue, Aug 10, 2021 at 5:05 AM Jesper Kristensen <[email protected]> wrote:
> Hi Ryan > > You seem to only focus on how the recipient email application will > validate a certificate chain it receives. Do you disagree that it is > important how the sending email application chooses what chain it will put > in the message? > I am focused on that point, because that is the current point of discussion. That doesn’t detract from discussing other things, but with respect to the original statement, the follow-up question, the subsequent testing, and the follow-ups there, the focus was, and is, how the recipient will behave. Certainly, sender behavior can have relevance, but given that the specific concern here is new software at the sender (“new” in some unavoidable sense, as the concern captured this far is about the existence of the new root in the sender) needing to communicate with a recipient on an older version, the primary point of discussion is simply trying to be explicit about what in particular is concerning about the recipient. > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAErg%3DHHMmh83R_jhw24SC%3DA_g-o7k72etB1qmsk3vZ-q2YBHjQ%40mail.gmail.com.
