S/MIME WG:
I thought we were going down this track, but I still see a fair amount of
discussion of recipient processing of mis-matched labels. When did we
change course, and why?
Russ
At 09:04 AM 3/6/98 -0500, David P. Kemp wrote:
Blake & Russ:
Actually there is a third choice which is to wrap the whole thing in a new
signature blob.
However, I am afraid that I have to agree with Blake, I think that the act
of just simply adding a signature from some unknown (and stupid) third
party
should not cause the message to be unavailable. I think it is sufficent to
check for some attribute (after all you are already check for duplciates
anyway) and say that you must verify some Security Label if it exists.
jim
The unknown third party, if he were malicious, could do anything, including
adding a signature with a non-matching label to cause the message to be
unavailable (which the recipient could just strip off to make it available
again :-). If the third party were just stupid, his user agent should
warn him if he tries to add an unlabeled signature to a labelled message.
I agree with Russ that interpreting a mix of labelled and unlabelled
signatures is more confusing than requiring all signatures to be generated
with a consistent label. The onus of making sense should fall on the
generators, not the receivers.
Dave Kemp