On Thu, 18 May 2006, John Levine wrote:
NEW: If there are
NEW: multiple query mechanisms listed, the choice of query mechanism
NEW: MUST NOT change the interpretation of the signature. An
NEW: implementation MUST use the recognized query mechanisms in the
NEW: order presented.
I can live with either of these sentences, but they don't make sense
togther. If all of the mechanisms will give you the same answer, why
shouldn't I be allowed to send out all the queries at once and take
the one the comes back first? Or if new ones are supersets of old
ones, prefer the more informative one?
All mechanisms must allow you to actually verify the signature crypto,
but I think the point is that it might not give you the same answer if
one of the mechanisms is more advanced. What would be expected is
that those systems that are using newer versions of software will
know how to use these new mechanisms whilte older systems will just
ignore them and use the ones they know about. As to doing queries
in parallel - if you know two mechanisms give you the same answer
(i.e. one is not more advanced or its advanced features are not
used by particular implimentation), then sure, go ahead.
NOTE WELL: This list operates according to