On May 2, 2014, at 8:01 AM, Russ Housley <housley(_at_)vigilsec(_dot_)com>
Your last point is incorrect. There have been many I-D signatures that are
correct using id-ct-asciiTextWithCRLF. There are software bugs, and they
are being worked, but some of the signatures are valid.
Are you saying there will be significant negative operational impact of
replacing those signatures with new ones? Given the "some" in that last
sentence, I'm not sure I can imagine the problems.
New signatures need to be generated for the I-D where there was a
canonicalization problem. The ones that did not have a canonicalization
problem do not need new signatures.
Quite true. We could have two different content types on the signatures, the
old and the new. That seems silly, though, if no one is relying on the old
smime mailing list