ietf-smime

Re: cert-03 - signature validation failure

1998-04-07 10:21:59


Elliott Ginsburg wrote:

I want to propose a change to how signature validation failure is handled. In
the current draft, it essentially says that the user agent must do something
when signature validation fails, but what it does is up to the implementation.
I don't think it is acceptable to leave this decision unspecified; here is
some of my rationale:

Your rationale, it seems to me, argues for leaving the action unspecified in the
spec. If we pick a particular security policy in the spec, we preclude the use of
S/MIME in shops which have a different security policy.

Some products targeted for specific environments will implement a policy
consistent with that environment. Many products will provide flexible validation
policies that can be configured by a system administrator. All of these argue for
*NOT* specifying these semantics in the spec. Validation belongs to some other
working group as it goes well beyond just checking email signatures.

bob