[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Proposed clean up on subject text
> So, you don't see any danger in a malicious party presenting such an > assertion to another relying party that interpreted the spec's > unspecificity is this area (which I don't see actually stated anywhere) > differently -- as "bearer", for instance? This is my motivation for the > MUST clarification. No, the spec definitely doesn't say that, and we all think it should say something so that there's no confusion anymore. But, I think "unspecified" means exactly that. You can't interpret it any specific way and claim that's what the spec implied. It becomes application specific. My earlier point was that this is basically what sender-vouches means, but then I always viewed them as essentially the same... -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]