Thomas Roessler wrote:
* Signing agents may be MTAs or other entities in the
transmission of message. A process that does not require
full MIME parsing capabilities and minimizes (or avoids)
modification to body data can be desirable. Signing at the
RFC-2822 level will be more efficient than at the MIME level.
This does assume that MIME-awareness is not a critical
requirement in achieving desired goals.
I'm sorry, but this argument doesn't hold water.
Taking an existing MIME body and wrapping that into some kind of
multipart is, essentially, trivial, and can be implemented in a
short Bourne shell script. The complexity and amount of MIME
awareness needed to generate an RFC1847-style multipart/signed is
*exactly* the same as is the one that is needed to create what you
call "RFC 2822-level signatures."
And unwrapping? And even for signing your statement is incorrect
for at the very least one very common mail environment: sendmail/milter.
To do MIME anything, you'd have to replace the body -- an expensive
operation. You don't have to do that with DKIM.
Mike