At 11:57 PM 10/8/2004 -0400, Andrew Newton wrote:
On Oct 8, 2004, at 8:16 PM, Jim Fenton wrote:
On the other hand, someone suggested a MIME encapsulation that would be
applied at the point of signing and removed at the point of verification.
That would not work, because there is no way to know if the recipient's MTA
is MASS-aware and would actually do that.
Except it could be expressed by the recipient in a MASS-policy record or by
the existence of a MASS-public-key.
Or an ESMTP option indicating MASS policy, I suppose.
But that would mean that every mail forwarder and mailing list from which I
receive mail also would need to become MASS-aware before messages I get would
be consistently signed. This would slow deployment considerably, and is moving
in the direction of a hop-by-hop scheme.
I can already verify IIM signed messages sent to this and some other mailing
lists such as ASRG, with no change in behavior on the part of the mailing lists
at all. This isn't a large sample size, but it is an existence proof.
Echoing Dave Crocker, we need a concrete proposal on how MIME would be used in
this application, because I'm sure the current specs don't cover it. Right now
it seems too much like a moving target.
-Jim