If the server performs a signature verification, and then the client performs a signature verification, the results might not be the same due to different trust anchor stores or a revocation that takes place between the two verifications. I think this situation should be described in the Security Considerations. Russ > On Aug 23, 2021, at 12:34 PM, The IESG <iesg-secretary@xxxxxxxx> wrote: > > > The IESG has received a request from the JSON Mail Access Protocol WG (jmap) > to consider the following document: - 'S/MIME signature verification > extension to JMAP' > <draft-ietf-jmap-smime-07.txt> as Proposed Standard > > The IESG plans to make a decision in the next few weeks, and solicits final > comments on this action. Please send substantive comments to the > last-call@xxxxxxxx mailing lists by 2021-09-04. Exceptionally, comments may > be sent to iesg@xxxxxxxx instead. In either case, please retain the beginning > of the Subject line to allow automated sorting. > > Abstract > > This document specifies an extension to JMAP for returning S/MIME > signature verification status. > > The file can be obtained via > https://datatracker.ietf.org/doc/draft-ietf-jmap-smime/ > -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
