Hi Russ,
At 07:06 24-08-2011, Russ Housley wrote:
As Dave well knows, the presence of an invalid signature is
different than no signature at all. The technical community keeps
telling implementors that they are not really different, but folks
that writ code seem to think otherwise. The proposed text does not
say anything about the signature validity, At a minimum, is should
say "...of a valid signature."
Dave suggested the following (new) text as a replacement:
"Message modification can affect the validity of an existing message
signature, such as by DKIM [DKIM], PGP [RFC4880], and can render the
signature invalid. This, in turn, can affect message handling by later
receivers, such as filtering engines that consider the presence or absence
of a valid signature."
The only change from the previous text is the last line.
The only comment received from the YAM WG has been from Dave. Based
on both comments, I think we have replacement text that all parties
can live with. I'll consider this DISCUSS as addressed.
Thanks,
S. Moonesamy
_______________________________________________
yam mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/yam
