ned+ietf-822(_at_)mrochek(_dot_)com wrote on 11/05/2004 18:28:56
... Basically what you want to do is define a hash methodology that
separate hashes on leaf nodes in the MIME object and then combines those
separate hashes along with hashes of canonicalized headers and the MIME
structure itself in a specific way to arrive at a single result. ...
Ned already knows this, as he and I have discussed defining an alternative
MIC over the years.
Lotus Notes in its proprietary message format employs this approach. When
a Notes document is signed, both embedded objects and attached files are
individually hashed, and these hashes are then placed in control blocks in
the main message body. The main message body, including these control
blocks, and other associated items (think headers) is then hashed and this
hash is signed.
When a signed Notes document is opened, the validity of the main message
body hash is verified. If it is valid the main message body is rendered.
This rendering may include the rendering of embedded objects. As each of
these objects is opened and de-compressed, the validity of the hash in
their associated control block is also verified. Similarly, when an
attachment is opened and de-compressed, the validity of the hash in its
associated control block is verified. If Notes fails to validate either a
top level, embedded object, or attachment hash then a signature failure is
asserted. In the case of the top-level message and its embedded objects,
this failure will be signalled prior to them being displayed. In the case
of an attachment, this failure will be signalled prior to the attachment
being invoked or saved.
If one presumes a flat "on the wire" storage format for a delivered MIME
message, then a hierarchical hash scheme would appear to deliver no
benefits. If on the other hand on assumes a hierarchical storage format
with leaf node bodies decoupled from MIME headers as is largely mandated
my IMAP semantics, then a hierarchical hash scheme delivers significant
benefits, especially when initially opening and verifying the signature of
a message with large attachments.