Hi Russ,
At 07:06 24-08-2011, Russ Housley wrote:
>As Dave well knows, the presence of an invalid signature is
>different than no signature at all. The technical community keeps
>telling implementors that they are not really different, but folks
>that writ code seem to think otherwise. The proposed text does not
>say anything about the signature validity, At a minimum, is should
>say "...of a valid signature."
Dave suggested the following (new) text as a replacement:
"Message modification can affect the validity of an existing message
signature, such as by DKIM [DKIM], PGP [RFC4880], and can render the
signature invalid. This, in turn, can affect message handling by later
receivers, such as filtering engines that consider the presence or absence
of a valid signature."
The only change from the previous text is the last line.
That's not correct. The original text was worded fairly differently, also
referenced S/MIME, and mentioned the possibility of other signiatures.
I don't have a problem with the approach the new text takes, but I don't
understand why the reference to S/MIME was dropped. It seems likely
it was an unintentional omission, and if so I suggest it be restored.
Ned
_______________________________________________
yam mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/yam
