<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>I am also against allowing suspension, for the various reasons
      already well explained by others, but would be open to change my
      mind if only I should hear that - at least - Microsoft (for
      Outllook) and Mozilla (for Thunderbird) are willing to modify
      their email clients' behaviour to handle suspensions properly.
      Lacking this, I think the entire discussion is moot.<br>
    </p>
    <p>Adriano</p>
    <p><br>
    </p>
    <div class="moz-cite-prefix">Il 26/08/2022 16:26, Tim Hollebeek via
      Smcwg-public ha scritto:<br>
    </div>
    <blockquote type="cite"
cite="mid:01000182da8be3a9-c11ef174-dcbc-48a2-8425-082c2249ba6e-000000@email.amazonses.com">
      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
      <meta name="Generator" content="Microsoft Word 15 (filtered
        medium)">
      <style>@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}span.EmailStyle18
        {mso-style-type:personal-reply;
        font-family:"Calibri",sans-serif;
        color:windowtext;}.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}div.WordSection1
        {page:WordSection1;}</style>
      <!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
      <title></title>
      <div align="center">
        <table width="30%" cellspacing="2" cellpadding="2" border="1">
          <tbody>
            <tr>
              <td valign="top" bgcolor="#ffff00"> <span style="color:
                  red;">NOTICE:</span> Pay attention - external email -
                Sender is
<a class="moz-txt-link-abbreviated" href="mailto:01000182da8be3a9-c11ef174-dcbc-48a2-8425-082c2249ba6e-000000@amazonses.com">01000182da8be3a9-c11ef174-dcbc-48a2-8425-082c2249ba6e-000000@amazonses.com</a>
              </td>
            </tr>
          </tbody>
        </table>
        <br>
      </div>
      <br>
      <div class="WordSection1">
        <p class="MsoNormal">I would love to hear from Certificate
          Consumers whether they are / are not interested in improving
          suspension in these ways.  If they are, then perhaps this is
          worth working on.  If they aren’t, then it would likely be a
          wasted effort.<o:p></o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal">While thinking about this a bit more last
          night, I realized that the experience is probably even more a
          nightmare than I had anticipated, as the correct
          implementation
          would need to check whether the certificate was suspended at
          the
          time the email was signed, not whether the certificate is
          currently
          suspended.  I doubt it currently works that way in all current
          mail clients.  Otherwise you can retroactively invalidate a
          whole bunch of signatures that happened way before whatever
          event
          triggered the need for temporary suspension.  I don’t even
          want to think about all the games you can play with asking for
          your
          certificate to be suspended temporarily whenever you want to
          manipulate whether your historical signatures validate
          successfully
          or not.<o:p></o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal">-Tim<o:p></o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <div style="border:none;border-left:solid blue 1.5pt;padding:0in
          0in 0in 4.0pt">
          <p class="MsoNormal">The SMCWG is about to create a new
            Guideline
            document with some industry-agreed principles and policies.
            The
            fact that things are not coordinated <i>today</i> shouldn't
            prevent
            us from designing improvements for <i>tomorrow</i>. Perhaps
            some
            Certificate Consumers will decide to add the necessary
            development
            time and improve the existing implementations based on the
            SMBRs.<br>
            <br>
            <o:p></o:p></p>
        </div>
      </div>
      <br>
      <fieldset class="moz-mime-attachment-header"></fieldset>
      <pre class="moz-quote-pre" wrap="">_______________________________________________
Smcwg-public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Smcwg-public@cabforum.org">Smcwg-public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/smcwg-public">https://lists.cabforum.org/mailman/listinfo/smcwg-public</a>
</pre>
    </blockquote>
  </body>
</html>