> - The parametric information to be included in the message, to
> permit validation of the signature. This may include a key
> identifier or a key-holder identifier or a copy of the key.
> This also may include DNS resolution and/or may include
> additional Internet queries.

Is it intended to be an open question as to where and how the parametric
information is carried with the message?

Obvious choices are an RFC2822 Header (Fenton), Content body part (MTA
Signatures), or even as an extension to the SMTP transaction, since the
goal is to provide services between each end.

The choice may have an effect on the performance at high volume. It
certainly affects which of the input proposals is more relevant.

The reason why I ask is because if putting the information in an added
body part is an option, then shouldn't we build on existing protocols
rather than re-inventing yet another secure email protocol? What I see
as distinctive characteristics of this work (as compared to the 5 secure
email protocols that have been developed over the last 20 years) is the
specification of the "identity" and the key management (where the public
key is stored and how it is retrieved).

A lot of effort has gone into the existing secure email protocols and
this does not seem like a good time to revisit all that work.

Jim