ietf-mailsig

Re: Mandating MIME

2004-10-08 13:33:06


On Thu, 7 Oct 2004, Jim Fenton wrote:

    The question is not whether MIME is permitted; it is whether MIME
    MUST be wrapped around the body of every signed message.  The
    question for me is not so much what percentage of MUAs aren't
    MIME-aware, but whether this mandate would disenfranchise even that
    (arguably small) percentage.

I'm not sure this is the right question because I now do not believe
that MUAs are a critical part of the problem or solution space.

While I do agree we should consider what reports an actual originator or
recipient might receive based on the success or failure of the signature
mechanism to be developed, insofar as the signature is end-MTA to
end-MTA, the MUAs are largely irrelevant.

So, I think the question is what percentage of MTAs are MIME-aware,
since they are the primary applications that will have to deal with the
creation and validation of the signature.


    Finally, I expect that the signature semantics issue that we have
    been discussing would mean that we wouldn't end up with real S/MIME
    or real PGP-MIME, but a different MIME type entirely that expresses
    the fact that the signature means something else.

I don't think so.  What a signature means is determined by context,
which is usually outside the scope of the protocol but in scope of the
application.  If the signature information carries a "policy identifier"
of some sort, then the signature process (as opposed to the application)
could make some decisions about the signature, but this is not typical
usage.

A valid signature only means that the identity associated with the key
that validated the signature is meaningful.  Only the application knows
what it means to be "meaningful", in the absence of a policy identifier.

One area where it would be good to have a MIME-type that adds to what a
signature means is differentiating the presence of multiple signatures.
For example, whether they are different signatures (whether ordered or
unordered) or the same signature with different algorithms.  But this is
getting beyond what this group needs to be concerned about.

Jim