At Tue, 7 Aug 2007 15:02:57 +1000, George Michaelson wrote:
>
> I want there to be a good definition of what a multiple sign looks
> like, and I support the WG defining it. I suspect that it adds a very
> small amount of ASN1 'overhead' in the simple case of a single-sign,
> and I don't see why it causes you such a problem as a code developer.
ASN.1 overhead isn't the issue. The problems start to arise when you
think about error handling and infrequently used code paths. As I said
earlier in this thread:

At Sat, 04 Aug 2007 13:40:39 -0400, Rob Austein wrote:
>
> ... just another code path that will need to be debugged and a more
> complicated algorithm for deciding whether a ROA is valid (what's a
> relying party supposed to do if one signature on a ROA is valid
> and the other is not? If five are valid and three are not? Is
> there an upper limit to the number of signatures? At what point does
> this become a denial of service attack on the relying party? ...).

Seldom-used code paths tend not to get debugged. Whacky error cases that
almost never occur tend not to get debugged. "Tend not to get debugged"
is a technical term, meaning, among other things, that even if the
developer attempts to simulate the error condition, that's still just a
lab test; the code doesn't get exercised in real life until years later
when some nogoodnik figures out how to turn it into a security exploit.

If this were a feature I believed we needed, that need would dominate.
Absent such a need, all I see is the downside.

_______________________________________________
Sidr mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/sidr
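To make the questions in the quoted paragraph concrete (mixed valid and invalid signatures, an upper bound on signature count, bounded work for the relying party), here is an added example that is not part of the thread and not any SIDR or RPKI specification: a hypothetical relying-party check over a multiply-signed object. Every name in it (Policy, Verify, NewSigner, Tamper) is invented for illustration, the payload is a constructed stand-in for a ROA rather than real CMS/ASN.1, and Ed25519 is used only because it is in the Go standard library. What the example shows is the decision surface the single-signature case never has: the policy struct is exactly the set of choices a multi-signature format forces every RP implementer to make and test.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Signer is one signer's public key plus its detached signature over the payload.
type Signer struct {
	Pub ed25519.PublicKey
	Sig []byte
}

// Policy is the relying-party decision rule a multiple-signature format forces
// the RP to choose. Hypothetical: nothing here is specified by SIDR.
type Policy struct {
	MaxSigs            int  // hard cap on signatures examined; bounds work per object
	MinValid           int  // how many signatures must verify before the object is accepted
	RejectOnAnyInvalid bool // if true, one bad signature rejects even when MinValid is met
}

// Verdict records the counts so the mixed cases (some valid, some not) are visible.
type Verdict struct {
	Accepted       bool
	Valid, Invalid int
	Err            error
}

// ErrTooManySigs is returned before any signature is checked, so an object
// carrying thousands of signatures costs the RP a length comparison, not
// thousands of verifications.
var ErrTooManySigs = errors.New("signature count exceeds policy cap")

// Verify applies p to the signatures over payload.
func Verify(payload []byte, sigs []Signer, p Policy) Verdict {
	if len(sigs) > p.MaxSigs {
		return Verdict{Err: ErrTooManySigs}
	}
	var v Verdict
	for _, s := range sigs {
		// ed25519.Verify panics on a wrong-length key, so a malformed key must be
		// treated as an invalid signature rather than handed to the library.
		if len(s.Pub) == ed25519.PublicKeySize && ed25519.Verify(s.Pub, payload, s.Sig) {
			v.Valid++
		} else {
			v.Invalid++
		}
	}
	v.Accepted = v.Valid >= p.MinValid && !(p.RejectOnAnyInvalid && v.Invalid > 0)
	return v
}

// NewSigner generates a fresh key pair and signs payload with it (constructed test data).
func NewSigner(payload []byte) Signer {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Signer{Pub: pub, Sig: ed25519.Sign(priv, payload)}
}

// Tamper returns a copy of s whose signature no longer verifies.
func Tamper(s Signer) Signer {
	bad := append([]byte(nil), s.Sig...)
	bad[0] ^= 0xff
	return Signer{Pub: s.Pub, Sig: bad}
}

func main() {
	// Constructed stand-in for a ROA payload; documentation-reserved AS and prefix.
	payload := []byte("ROA: AS64496 authorises 192.0.2.0/24 maxlen 24")
	a, b, c := NewSigner(payload), NewSigner(payload), NewSigner(payload)
	mixed := []Signer{a, Tamper(b), c}

	strict := Policy{MaxSigs: 8, MinValid: 1, RejectOnAnyInvalid: true}
	lenient := Policy{MaxSigs: 8, MinValid: 2}

	fmt.Printf("all valid, strict:   %+v\n", Verify(payload, []Signer{a, b, c}, strict))
	fmt.Printf("one bad, strict:     %+v\n", Verify(payload, mixed, strict))
	fmt.Printf("one bad, lenient:    %+v\n", Verify(payload, mixed, lenient))
	fmt.Printf("nine sigs, cap of 8: %+v\n", Verify(payload, make([]Signer, 9), strict))
}
```

The same three signatures are accepted under one policy and rejected under the other, which is the point: with a single signature "valid" has one meaning, while with several it has as many meanings as there are policies, and each branch (threshold met, threshold met but one signature bad, cap exceeded, empty signature set) is a path a real RP would rarely exercise outside the lab.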
