I would strongly disagree that the place to put this is in the CMS or
S/MIME specifications. This is the type of statement which belongs in
the Certificate Policy statment for the certificate itself and not on
individual signatures. I don't see a case where you would have some
signatures from a person being binding and some not binding. (What
happens if the signer forgets to set the bit, does it then become
binding on the corperation?)
This is a Certificate Extension issue (and can be critical there) and
not a signature issue.
-----Original Message-----
From: Paul Hoffman / IMC [mailto:phoffman(_at_)imc(_dot_)org]
Sent: Friday, January 02, 1998 9:47 AM
To: ietf-smime
Subject: Re: CMS Critical flag for signed attributes?
At 12:33 PM 1/2/98 -0500, Phillip Hallam-Baker wrote:
I agree, but I want to make sure that the resulting wording makes a
critical attribute something that can be raised in court as something
a recipient should have made themselves aware of before relying on the
document as an agreement.
Boy, I'd like to see some suggested wording for this. This doesn't sound
like typical wording for IETF specifications, does it? :-)
--Paul Hoffman, Director
--Internet Mail Consortium