John Ross wrote:
What happens if a recipient receives a forwarded message that include a
security policy in the eSSSecurityLabel that he/she in does not understand,
is that still an error?
Absolutely. The security label must be marked critical, so the inability
to process the critical attribute must cause an error to be reported to the
user.
I think the proposed text will mislead implementations to always discarding
the message if a security policy is unknown. I do not think that is right.
We disagree. Rule-based access control cannot be enforced if the recipient
is allowed to ignore the security label.
All I think needs to be done is to leave such decisions to local policy;
Thus reword your text as..
"Receiving agents SHOULD have a local policy which specifies
what action is taken when an eSSSecurityLabel is received which
includes a security-policy-identifier that the processing software
does not recognize."
If think there is a need to specify default handling, then It should be to
ignore security labels when the policy is not understood.
Completely disagree!
Also, I still think that the security policy should not be optional.
Wow. We agree on this one. The syntax that we are using comes from X.411.
In X.411, this field is optional, and we are trying to maintain
compatibility. I suggest that we use english text to state that the
security policy must be present.
-- Russ