13 Dec
2007
13 Dec
'07
7:03 a.m.
Valerio Venturi wrote:
Hi all, it looks to me that most of the doubts are not on integrity and confidentiality in themselves, but about considering them more important than authentication. Is assuring that something you don't know where is coming from wasn't altered important? The case of policy requests you mentioned is even more critical
I meant that Chad has mentioned, it was in a previous mail but I could imagine cases where deployers had a more lax view, especially on the policy request. So, I just left it as a SHOULD so that individual deployments could choose not to do it, if they wanted. Valerio