>>> Straightforward case analysis:
>>>
>>> 1-a: throw message away, it's forged [for "I sign all; bad sig"]
>>
>>No, don't throw it away ...
>Yes, throw it away. ...

This lack of consensus on SSP semantics tells me that attempts to standardize it are extremely premature. The ASRG is down the hall and would be thrilled if people wanted to do some experiments and collect some data to see what the level of signature breakage really is so they can come back later with rough consensus and running code.

R's,
John

PS:

>Imagine if the people who implemented VPN decided that because
>there might be non-standard networking equipment that causes problems,
>it should be ok sometimes to establish a VPN connection even when
>the authentication didn't work.

If VPNs had to operate through millions of legacy application level gateways, who knows what they might have decided. If my recollection about buggy Windows VPNs is right, they've come pretty close anyway.

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
