On Fri, 08 Oct 2004 16:33:14 -0400 (EDT), James M Galvin wrote:
Finally, I expect that the signature semantics issue that
we have been discussing would mean that we wouldn't end
up with real S/MIME or real PGP-MIME, but a different
MIME type entirely that expresses the fact that the
signature means something else.

I don't think so. What a signature means is determined by
context, which is usually outside the scope of the protocol
but in scope of the application. If the signature
information carries a "policy identifier" of some sort, then
the signature process (as opposed to the application) could
make some decisions about the signature, but this is not

If the use of s/mime to satisfy this authentication requirement
is so straightforward, perhaps you can generate a "profile"
document that provides the necessary detail?
This will then permit folks to make concrete technical and
operational comparisons between what you are advocating and

dcrocker at ...