On Thu, 05 May 2011 21:24:00 +0100, Barry Leiba
<barryleiba(_at_)computer(_dot_)org>
wrote:
Doug says...
This can *only* be achieved by some mandatory test within the Verifier.
Not at all; that's exactly Dave's point in discussing the difference
between the protocol and the software system that wraps around it.
The Verifier is a component that verifies the signature, and that's
all we're defining normatively here. Other parts of the system will
evaluate things whether the verified signature can be relied upon, and
what it can be relied upon for; whether the domain that signed it is
trustworthy; whether a failed signature can nonetheless provide useful
information; and so on.
Not so. As you should know from off-list discussions, that sentence is
actually mine, though used in a marginally different context than Doug
used it.
IF there were to be some "mandatory test within the Verifier", then that
test would be, ipso facto, a part of the protocol and not part of the
"software system that wraps around it". So your argument was circular :-( .
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html