[Top] [All Lists]

Re: 2 MIME questions re: message/rfc822

2004-11-08 02:39:27

ned+ietf-822(_at_)mrochek(_dot_)com wrote on 11/05/2004 18:28:56

... Basically what you want to do is define a hash methodology that 
separate hashes on leaf nodes in the MIME object and then combines those
separate hashes along with hashes of canonicalized headers and the MIME
structure itself in a specific way to arrive at a single result. ...

Ned already knows this, as he and I have discussed defining an alternative 
MIC over the years.

Lotus Notes in its proprietary message format employs this approach. When 
a Notes document is signed, both embedded objects and attached files are 
individually hashed, and these hashes are then placed in control blocks in 
the main message body. The main message body, including these control 
blocks, and other associated items (think headers) is then hashed and this 
hash is signed.

When a signed Notes document is opened, the validity of the main message 
body hash is verified. If it is valid the main message body is rendered. 
This rendering may include the rendering of embedded objects. As each of 
these objects is opened and de-compressed, the validity of the hash in 
their associated control block is also verified. Similarly, when an 
attachment is opened and de-compressed, the validity of the hash in its 
associated control block is verified. If Notes fails to validate either a 
top level, embedded object, or attachment hash then a signature failure is 
asserted. In the case of the top-level message and its embedded objects, 
this failure will be signalled prior to them being displayed. In the case 
of an attachment, this failure will be signalled prior to the attachment 
being invoked or saved.

If one presumes a flat "on the wire" storage format for a delivered MIME 
message, then a hierarchical hash scheme would appear to deliver no 
benefits. If on the other hand on assumes a hierarchical storage format 
with leaf node bodies decoupled from MIME headers as is largely mandated 
my IMAP semantics, then a hierarchical hash scheme delivers significant 
benefits, especially when initially opening and verifying the signature of 
a message with large attachments.