On Thu, 2004-05-06 at 09:15, Hallam-Baker, Phillip wrote:
3) MUAs should support S/MIME signature
But failure of a signature should not disrupt the user interface
unless it is known that all mail from that domain is signed.
Did you perhaps mean here to say:
"But /absence/ of a signature should not disrupt the user interface,
unless..."
If all MUAs support S/MIME signature, and a signature is present,
failure of the signature to validate should definitely raise a flag. If
the signature is completely missing and the domain has made the
assertion that it always signs messages, that should definitely also
raise a flag.
I'm not sure I understand why you suggest that the failure of a
signature to validate would only alert the user if the domain has made
the assertion that it signs all messages...
--
Dustin D. Trammell
Vulnerability Remediation Alchemist
Citadel Security Software, Inc.
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/spf-draft-200404.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
signature.asc
Description: This is a digitally signed message part