On Thu, 2 Jun 2005, Andrew Newton wrote:
How do the proponents of the META Signatures proposal feel on this
Since my name was on the To: line and I have in the past stated favor for
S/MIME based proposals, I'll give my opinion:
As with all of William's work, META Signatures is good stuff. However, in
the intervening months I've talked to several vendors who have implemented
DomainKeys and not a single one ever said "This would have been easier if it
were based on S/MIME". Given this plus the apprehension some people have
regarding S/MIME's interaction with current MUAs, I now think the DK/IIM
approach is the path we should follow.
You're mixing up my original MTA Signatures (S/MIME in special trace mime
segment to hide from MUAs) presented year ago with META Signatures
(header-only field signature with options to sign each mime part separately
by means of separately added digest header fields).
I seriously doubt any vendor would find implementing META Signatures harder
then DK or IIM. Its different, more comprehensive syntax that combines
features of both, but the cryptography and hard parts are all the same
and somebody who has implemented one could change to the other reusing
existing code with aditional maybe 10 - 25% development time.