>> [...] the authenticator is invalid. >> What does this mean? Should all the data be thrown away? Should it be >> processed >> as unauthenticated? If so, what would that mean in practise ? >> Similarly for: >> All of the above steps MUST be successful to consider the >> prefixlen file signature as valid. >> What if it is not valid?
OLD: If the authenticator is not in the canonical form described above, then, the authenticator is invalid. NEW: If the authenticator is not in the canonical form described above, then, the authenticator is invalid, which means that it is treated in the same manner as an unauthenticated prefixlen data. >> The prefixlen files MUST be published via and fetched using HTTPS >> [RFC9110]. >> Does this contradict this earlier statement? I do not see a contradiction. I think this is saying that the prefixlen file must have a URL that begins with https://. Russ _______________________________________________ OPSAWG mailing list -- [email protected] To unsubscribe send an email to [email protected]
