[Top] [All Lists]


1993-04-06 13:34:12
Two comments.

1.  I'm guessing you chose to call the header field content-md5 so that
    the choice of algorithm was explicit and it would not be necessary
    to parse the value of the header into two parts: algorithm
    identifier and value.

    In any case, this course of action means there will need to be a
    header defined for each choice of algorithm that may be available.
    Note that PEM allows for the specification of suites of algorithms,
    thus admitting that there will exist more than one algorithm.  I
    think we should follow this model and that this header should be
    called content-mic and there should be two parameters: "alg=MD5" ;
    mic="Integrity Check!".  I favor this over the creation of multiple
    header fields.

    As far as registration of algorithms is concerned, you can reference
    the values defined in the PEM's RFC 1423.

2.  This document will ultimately require a security considerations
    section in which it will be necessary to distinguish between the
    service provided by this specification and the service provided by a
    secure data integrity service.  For example:

    This document specifies a data integrity service that protects data
    from accidental modification while in transit from the sender to the
    recipient.  A secure data integrity service, such as that provided
    by Privacy Enhanced Mail [3], would protect data from all

    This is stated in the document but it needs to be restated in a
    security considerations section.


<Prev in Thread] Current Thread [Next in Thread>