On Tue, Dec 5, 2017 at 1:37 PM, Adam Roach <[email protected]> wrote: > On 12/5/17 15:34, Gould, James wrote: > >> Ok, I believe whether it’s a SHOULD or a MUST, it would need to go >> through the working group. The proposal would then be to add the sentence >> “When using digital signatures the server MUST validate the digital >> signature.” to the end of the 2.6.3 “Digital Signature” paragraph. >> > > > I agree that the addition of a normative requirement like this would need > WG sign-off. >
I'm pretty surprised to hear this. Presumably any system which has digital signatures actually needs those signatures to be verified. When I made this point, I was just talking about clarity, but perhaps people have some different idea about how the system is supposed to work. -Ekr > Chairs -- please treat this the same as the normative statement change Ben > has requested. > > /a > >
_______________________________________________ regext mailing list [email protected] https://www.ietf.org/mailman/listinfo/regext
