ietf-mailsig

Re: Why we really don't require requirements

2004-10-06 06:05:21


On 4 Oct 2004, John Levine wrote:

> That needn't rule out S/MIME.  I could other ways to add header fields
> into the goop in the signature without re-encapsulating the whole thing.

MTA Signatures simply adds them as signed CMS attributes in their entirety.
This is intended for those headers that are normally displayed to the user
and are subject to being changed by intermediate systems, and actually we
only have a couple of these headers - Subject, From, To.

For trace and other headers that are not expected to be changed by other email
servers when messages pass through them, a new header is introduced (in
the next version proposal) which carries a hash value for multiple other header
lines. This hash is thereafter also added as a signed attribute.

I'll note that both of those techniques can equally work with MTA Signatures
(CMS signatures added by MTAs) and for normal S/MIME signatures added by the MUA,
and this system does not require re-encapsulating the email message.

-- 
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
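
The two techniques described in the message above, as an added example that is not part of the original post or of the MTA Signatures proposal: displayed headers are copied whole into the attribute set, and the remaining headers are covered by a single hash. The choice of hashed headers, the SHA-256 digest, the canonical form and the sample messages are assumptions; the CMS signature over the attribute set is left out.

```python
import hashlib
from email import message_from_string

DISPLAYED = ("Subject", "From", "To")   # headers named in the post
HASHED = ("Date", "Message-ID")         # assumption: headers covered by the hash

def header_hash(msg):
    """Digest over 'name:value' lines of the HASHED headers (assumed canonical form)."""
    h = hashlib.sha256()
    for name in HASHED:
        for value in msg.get_all(name, []):
            # Collapse folding whitespace so re-wrapping in transit does not matter.
            h.update(f"{name.lower()}:{' '.join(value.split())}\n".encode())
    return h.hexdigest()

def build_signed_attributes(msg):
    """Values a signer would place in the signed attributes before signing."""
    return {
        "displayed": {n: msg[n] for n in DISPLAYED if msg[n] is not None},
        "header_hash": header_hash(msg),
    }

def compare(msg, attrs):
    """Return (displayed headers altered in transit, whether the header hash still matches)."""
    changed = {n: (orig, msg[n])
               for n, orig in attrs["displayed"].items() if msg[n] != orig}
    return changed, header_hash(msg) == attrs["header_hash"]

# Constructed sample: the message as sent, then as delivered by a list server
# that tagged the Subject and prepended a Received line.
SENT = ("From: alice@example.org\nTo: list@example.net\n"
        "Subject: Status report\nDate: Mon, 4 Oct 2004 10:00:00 +0000\n"
        "Message-ID: <1@example.org>\n\nbody\n")
RECEIVED = ("Received: from relay.example.net by mx.example.com\n"
            + SENT.replace("Subject: Status", "Subject: [list] Status"))

if __name__ == "__main__":
    attrs = build_signed_attributes(message_from_string(SENT))
    changed, hash_ok = compare(message_from_string(RECEIVED), attrs)
    print("altered displayed headers:", changed)
    print("hashed headers intact:", hash_ok)
```

Because the signed attributes carry the original Subject in full, a verifier can show the user what the signer wrote even after the list server rewrote it, while the message body is never re-encapsulated.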

