1. I'm guessing you chose to call the header field content-md5 so that
the choice of algorithm was explicit and it would not be necessary
to parse the value of the header into two parts: algorithm
identifier and value.

In any case, this course of action means there will need to be a
header defined for each choice of algorithm that may be available.
Note that PEM allows for the specification of suites of algorithms,
thus admitting that there will exist more than one algorithm. I
think we should follow this model and that this header should be
called content-mic and there should be two parameters: "alg=MD5" ;
mic="Integrity Check!". I favor this over the creation of multiple

As far as registration of algorithms is concerned, you can reference
the values defined in the PEM's RFC 1423.

2. This document will ultimately require a security considerations
section in which it will be necessary to distinguish between the
service provided by this specification and the service provided by a
secure data integrity service. For example:

This document specifies a data integrity service that protects data
from accidental modification while in transit from the sender to the
recipient. A secure data integrity service, such as that provided
by Privacy Enhanced Mail, would protect data from all

This is stated in the document but it needs to be restated in a
security considerations section.
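
The following is an added example, not part of the original message or of any draft it discusses. It parses a content-mic value in the two-parameter form proposed in point 1 (the exact syntax, the algorithm registry and the function names are assumptions) and shows the distinction from point 2: an unkeyed digest catches accidental damage but not a deliberate rewrite, while a keyed check does. HMAC-SHA256 stands in for a secure integrity service here; it is not PEM's mechanism.

```python
import base64
import hashlib
import hmac

# Assumed registry of algorithm identifiers -> hashlib names (illustrative only).
DIGESTS = {"MD5": "md5", "SHA256": "sha256"}

def make_content_mic(body: bytes, alg: str = "MD5") -> str:
    """Build the hypothetical header value: alg=<id>; mic="<base64 digest>"."""
    digest = hashlib.new(DIGESTS[alg], body).digest()
    return f'alg={alg}; mic="{base64.b64encode(digest).decode()}"'

def parse_content_mic(value: str) -> tuple[str, bytes]:
    """Split the value into (algorithm identifier, raw digest bytes)."""
    params = {}
    for part in value.split(";"):
        name, sep, val = part.strip().partition("=")  # base64 '=' padding stays in val
        if not sep:
            raise ValueError(f"malformed parameter: {part!r}")
        params[name.lower()] = val.strip().strip('"')
    alg = params.get("alg", "").upper()
    if alg not in DIGESTS or "mic" not in params:
        raise ValueError(f"unsupported or incomplete header: {value!r}")
    return alg, base64.b64decode(params["mic"], validate=True)

def verify_content_mic(body: bytes, value: str) -> bool:
    """Recompute the digest named by alg and compare it with the mic parameter."""
    alg, expected = parse_content_mic(value)
    return hmac.compare_digest(hashlib.new(DIGESTS[alg], body).digest(), expected)

def keyed_mic(key: bytes, body: bytes) -> bytes:
    """HMAC-SHA256 as a stand-in for a secure integrity service (not PEM's mechanism)."""
    return hmac.new(key, body, hashlib.sha256).digest()

def demo() -> dict:
    body = b"Meet at 10:00 in room 4.\r\n"        # constructed sample message
    header = make_content_mic(body)
    corrupted = body.replace(b"10", b"1\x00")      # accidental damage in transit
    rewritten = body.replace(b"10:00", b"16:00")   # deliberate change by an intermediary
    key = b"constructed-shared-key"                # known only to sender and recipient
    tag = keyed_mic(key, body)
    return {
        "intact": verify_content_mic(body, header),
        "accidental_detected": not verify_content_mic(corrupted, header),
        # Whoever rewrites the body can also regenerate the unkeyed header.
        "deliberate_detected_unkeyed": not verify_content_mic(rewritten, make_content_mic(rewritten)),
        # Without the key, the original tag cannot be made to match the new body.
        "deliberate_detected_keyed": not hmac.compare_digest(keyed_mic(key, rewritten), tag),
    }
```

Because the algorithm travels as a parameter, adding a second digest only means adding a registry entry, which is the design trade-off the message argues for.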