On Sun, 31 Jul 2005, Earl Hood wrote:
There's no reason why these two need to be coupled at all.
Indeed, it would make a lot of sense to couple a generic
message signature protocol to the key retrieval mechanism
described here.
Agreed. I think Meta-Signatures proposals uses this approach.
I think the message signature protocol can even be further divided
into a digesting protocol and a signing protocol.
Didn't I do it already? In META-Signatures signing framework body digest
is completely separated from header signature. In latest META 0.2 the digest
for header fields data is also a separate segment further signifying
separation of various components and allowing new systems to introducing
different type of digest segment. I could separate META Signature sections
into separate header fields (as was done in META 0.1x) but it was a bit
too verbose and I decided with one field with several sections.
to sign (arbitrary) header fields. S/MIME and OpenPGP are limited
in this regard. For example, from a spamming/phishing context,
header fields like Subject and From are important.
This is very very easy to add. I had that specified in MTA Signatures
(which is largerly S/MIME) as additional signed attributes.
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net