On Fri, 08 Oct 2004 16:33:14 -0400 (EDT), James M Galvin wrote:
>> Finally, I expect that the signature semantics issue that
>> we have been discussing would mean that we wouldn't end
>> up with real S/MIME or real PGP-MIME, but a different
>> MIME type entirely that expresses the fact that the
>> signature means something else.
>
> I don't think so. What a signature means is determined by
> context, which is usually outside the scope of the protocol
> but in scope of the application. If the signature
> information carries a "policy identifier" of some sort, then
> the signature process (as opposed to the application) could
> make some decisions about the signature, but this is not
> typical usage.

Jim,
If the use of s/mime to satisfy this authentication requirement
is so straightforward, perhaps you can generate a "profile"
document that provides the necessary detail?
This will then permit folks to make concrete technical and
operational comparisons between what you are advocating and
alternative proposals.
d/
--
Dave Crocker
Brandenburg InternetWorking
+1.408.246.8253
dcrocker at ...
brandenburg.com