On May 12, 2008, at 11:49 AM, Paul Hoffman wrote:
> When feasible, sending and receiving agents SHOULD inform senders (prior
> to transmission) and recipients of the relative cryptographic strength of
> messages and SHOULD provide a warning if weak algorithms or key sizes are
> used.
>
> I'm lost here. Using the protocol described in the document, how
> would I send such information? How would I send such a warning?

Yet similar advice exists elsewhere in the cert handling spec:
"""
A receiving agent SHOULD provide some explicit alternate processing of
the message if this comparison fails, which may be to display a
message that shows the recipient the addresses in the certificate or
other certificate details.
""" (ref: sec 3)
Are you saying that this should come out as well, since your objection
to the RFC advising implementors to warn users re: key strength
clearly also applies to the RFC advising implementors re: an email
mismatch?
-- Tim