Re: [dmarc-ietf] ARC-Seal is meaningless security theatre

2017-08-07 Thread Tim Draegen
> On Aug 7, 2017, at 1:21 AM, Bron Gondwana wrote:
>
> A more cheap and nasty fix, assuming it's too late/complex to change the protocol more, would be to keep AS, but change the validation to only require checking the most recent AS, since validating the rest is meaningless.

Bron, thanks

Re: [dmarc-ietf] ARC-Seal is meaningless security theatre

2017-08-07 Thread Bron Gondwana
On Tue, 8 Aug 2017, at 00:50, Tim Draegen wrote:
>> On Aug 7, 2017, at 1:21 AM, Bron Gondwana wrote:
>>
>> A more cheap and nasty fix, assuming it's too late/complex to change the protocol more, would be to keep AS, but change the validation to only require checking the most recent AS, si

Re: [dmarc-ietf] ARC-Seal is meaningless security theatre

2017-08-07 Thread Seth Blank
On Sun, Aug 6, 2017 at 10:21 PM, Bron Gondwana wrote:
>
> *AS adds nothing over just having AMS signing its own AAR, and then you only have to verify ONE signature, the most recent.*
>
> You either trust the most recent signer and trust that THEY validated the previous signer/SPF (and so

Re: [dmarc-ietf] ARC-Seal is meaningless security theatre

2017-08-07 Thread John Levine
In article <1502083287.2191248.1065195288.7cdc7...@webmail.messagingengine.com> you write:
>I thought long and hard about using a less inflammatory title, but I figure maybe going in hard is the right way here, because I'd rather fix this before it becomes a standard! (and thanks Dave for your

Re: [dmarc-ietf] ARC-Seal is meaningless security theatre

2017-08-07 Thread Bron Gondwana
On Tue, 8 Aug 2017, at 00:50, Tim Draegen wrote:
>> On Aug 7, 2017, at 1:21 AM, Bron Gondwana wrote:
>>
>> A more cheap and nasty fix, assuming it's too late/complex to change the protocol more, would be to keep AS, but change the validation to only require checking the most recent AS, si

Re: [dmarc-ietf] ARC-Seal is meaningless security theatre

2017-08-07 Thread Bron Gondwana
On Tue, 8 Aug 2017, at 09:22, Seth Blank wrote:
> On Sun, Aug 6, 2017 at 10:21 PM, Bron Gondwana wrote:
>> *AS adds nothing over just having AMS signing its own AAR, and then you only have to verify ONE signature, the most recent.*
>>
>> You either trust the most recent signer and t