I still believe that ESS, Sec 3.1.2 should include the following: "Receiving
agents SHOULD have a local policy regarding whether or not to show the inner
content of a signedData object that includes an eSSSecurityLabel
security-policy-identifier that the processing software does not recognize.
If the receiving agent does not recognize the eSSSecurityLabel
security-policy-identifier value, then it SHOULD stop processing the message
and indicate an error."
Notice that these are SHOULDs, not MUSTs. The local organization still has
the freedom to formulate their own security policy requirements.
I agree that the ESSSecurityLabel security-policy-identifier must be
mandatory. That was approved at the 30 Mar S/MIME WG meeting.
John Pawling, jsp(_at_)jgvandyke(_dot_)com
J.G. Van Dyke & Associates, Inc.
At 07:42 PM 3/27/98 -0800, John Ross wrote:
What happens if a recipient receives a forwarded message that include a
security policy in the eSSSecurityLabel that he/she in does not understand,
is that still an error?
I think the proposed text will mislead implementations to always discarding
the message if a security policy is unknown. I do not think that is right.
All I think needs to be done is to leave such decisions to local policy;
Thus reword your text as..
"Receiving agents SHOULD have a local policy which specifies
what action is taken when an eSSSecurityLabel is received which
includes a security-policy-identifier that the processing software
does not recognize."
If think there is a need to specify default handling, then It should be to
security labels when the policy is not understood.
Also, I still think that the security policy should not be optional.