ietf-822

Re: [ietf-822] A permission to re-sign header

2014-04-22 05:16:02
On Tue 22/Apr/2014 04:58:21 +0200 Ned Freed wrote:
> On Sat, Apr 19, 2014 at 09:05:23AM -0400, Michael Richardson wrote:
>
>> There are mailing lists that want to "fix" broken messages, yes, but
>> if we need to provide end-to-end assurance that the message really
>> came from the originator, disallowing this behavior so that things
>> like S/MIME and PGP signatures don't get broken might be an
>> engineering tradeoff that we might have to make.
>
> That's possible, but then you run into other problems. Take the issue
> of adding a disclaimer. You can certainly do this without damaging
> the S/MIME signature by converting a MIME structure of:
>
>    multipart/signed
>      text/html
>      application/signature-whatever
>
> to:
>
>    multipart/mixed
>      multipart/signed
>        text/html
>        application/signature-whatever
>      text/plain - disclaimer
>
> But then you have to take into account how this gets displayed, and what
> it means when it is displayed.

That alters the content-type and the very beginning of the message body.
The result may be more difficult to display/interpret than a signed
attachment.

For a related trifle, no PGP or S/MIME signatures could have pointed out
that I altered a few bits in the text quoted above, attributed to Ned.
Did I thus break authentication, non-repudiation, or integrity?

> And while you may be able to get lists to pass HTML through, reject messages
> with attachments, and generally get to a place where S/MIME signatures can be
> preserved, I don't think you'll be able to get rid of disclaimers.

And subject tags too, where used.

It may seem easy to ask each ML to declare whether they tamper with the
body or the subject.  But then we have to consider possible chains
--Pete's ML assumptions, #8.  Messages containing the whole collection
of disclaimers look certainly funny.

Ale

_______________________________________________
ietf-822 mailing list
ietf-822(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-822
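
The wrapping discussed in the message above, as an added example that is not part of the original post: it wraps a `multipart/signed` entity in `multipart/mixed` with a trailing disclaimer and extracts the exact bytes the signature covers, before and after. The sample message, boundary strings and function names are constructed for illustration, the signature part is a placeholder, and no cryptographic verification is performed.

```python
import re
from email.parser import BytesHeaderParser

CRLF = b"\r\n"

# Constructed sample; the signature part is a placeholder, not real S/MIME.
ORIGINAL = CRLF.join([
    b"From: alice@example.org", b"MIME-Version: 1.0",
    b'Content-Type: multipart/signed; boundary=sig; protocol="application/signature-whatever"',
    b"",
    b"--sig", b"Content-Type: text/html", b"", b"<p>Hello</p>",
    b"--sig", b"Content-Type: application/signature-whatever", b"", b"(placeholder)",
    b"--sig--", b"",
])

def headers_of(raw):
    head, _, body = raw.partition(CRLF + CRLF)
    return BytesHeaderParser().parsebytes(head + CRLF + CRLF), head, body

def top_type(raw):
    return headers_of(raw)[0].get_content_type()

def body_parts(body, boundary):
    # Raw bytes of each part; the CRLF before a delimiter belongs to the delimiter.
    chunks = (CRLF + body).split(CRLF + b"--" + boundary.encode())
    return [c[2:] for c in chunks[1:] if c.startswith(CRLF)]

def signed_content(raw):
    """Exact bytes a multipart/signed signature covers (its first part), or None."""
    msg, _, body = headers_of(raw)
    if msg.get_content_maintype() != "multipart":
        return None
    parts = body_parts(body, msg.get_boundary())
    if msg.get_content_type() == "multipart/signed":
        return parts[0]
    return next((s for s in map(signed_content, parts) if s is not None), None)

def add_disclaimer(raw, text, boundary=b"list"):
    """Hypothetical list step: wrap the whole original entity in multipart/mixed."""
    _, head, body = headers_of(raw)
    fields = re.split(rb"\r\n(?![ \t])", head)  # one item per header, folded lines kept
    inner = [f for f in fields if f.lower().startswith(b"content-")]
    outer = [f for f in fields if f not in inner]
    outer.append(b"Content-Type: multipart/mixed; boundary=" + boundary)
    return CRLF.join(outer + [b"", b"--" + boundary] + inner + [b"", body,
        b"--" + boundary, b"Content-Type: text/plain", b"", text, b"--" + boundary + b"--", b""])
```

The signed bytes come out identical, while the top-level type changes from `multipart/signed` to `multipart/mixed` and the disclaimer sits outside anything the signature covers.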