Re: There is a "c" in "Security" (was: Re: MIME Security with OpenPGP)

From: Russ Allbery (rra@stanford.edu)
Date: Sat Mar 02 2002 - 14:39:21 CST

• Next message: Erland Sommarskog: "Re: Replying to a message"
• Previous message: Charles Lindsey: "There is a "c" in "Security" (was: Re: MIME Security with OpenPGP)"
• In reply to: Charles Lindsey: "There is a "c" in "Security" (was: Re: MIME Security with OpenPGP)"
• Next in thread: Charles Lindsey: "Re: There is a "c" in "Security" (was: Re: MIME Security with OpenPGP)"

Charles Lindsey <chl@clw.cs.man.ac.uk> writes:

> He raises a point with regard to the Supersedes header. Currently, if it
> is signed (by pgpverify/whatever, though that is hardly current practice
> yet) and the signature fails to check, our draft says the article SHOULD
> be discarded (though it MAY be stored as an ordinary article - naturally
> the old article would not then be deleted, of course).

> He suggests to promote that SHOULD to MUST. Personally, I see no reason
> why the server admin should not have discretion here, so I just pass on
> the suggestion for your consideration.

Can we say that when we have no defined signing protocol?

Also, it's often useful to have copies of those messages available for
both debugging (if you *should* have been able to cancel the message but
the check failed) and for abuse tracking. That's the main reason why I
can see for keeping them around rather than discarding them.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>

• Next message: Erland Sommarskog: "Re: Replying to a message"
• Previous message: Charles Lindsey: "There is a "c" in "Security" (was: Re: MIME Security with OpenPGP)"
• In reply to: Charles Lindsey: "There is a "c" in "Security" (was: Re: MIME Security with OpenPGP)"
• Next in thread: Charles Lindsey: "Re: There is a "c" in "Security" (was: Re: MIME Security with OpenPGP)"