ietf-mailsig
[Top] [All Lists]

Re: semantics of the signature

2004-10-08 17:20:55

At 04:13 PM 10/8/2004 -0400, James M Galvin wrote:
Based on the assumption we are working on an end-MTA to end-MTA
signature, I now agree that issue of conveying the security information
is a good one to debate in the working group.

While I agree that message signing and verification will often happen at the 
MTA, and is therefore not truly end-to-end, I'd like to make sure that we don't 
prohibit the ability to sign or verify (with some time validity restrictions) 
at an MUA.  I'm not sure you're saying that, but I just wanted to be clear.

On the other hand, someone suggested a MIME encapsulation that would be applied 
at the point of signing and removed at the point of verification.  That would 
not work, because there is no way to know if the recipient's MTA is MASS-aware 
and would actually do that.  Recipients of such messages that have 
non-MASS-aware MTAs would get message encapsulations they (probably) aren't 
prepared to deal with.

-Jim


<Prev in Thread] Current Thread [Next in Thread>