ietf-smime

Re: S/MIME v3.2 IDs key size text (resend, no signature)

2008-05-12 12:11:59

On May 12, 2008, at 11:49 AM, Paul Hoffman wrote:

When feasible, sending and receiving agents SHOULD inform senders (prior to transmission) and recipients of the relative cryptographic strength of messages and SHOULD provide a warning if weak algorithms or key sizes are used.

I'm lost here. Using the protocol described in the document, how would I send such information? How would I send such a warning?

Yet similar advice exists elsewhere in the cert handling spec:

"""
A receiving agent SHOULD provide some explicit alternate processing of the message if this comparison fails, which may be to display a message that shows the recipient the addresses in the certificate or other certificate details.
"""  (ref: sec 3)

Are you saying that this should come out as well, since your objection to the RFC advising implementors to warn users re: key strength clearly also applies to the RFC advising implementors re: an email mismatch?

-- Tim

Attachment: smime.p7s
Description: S/MIME cryptographic signature