On 2005-07-31 08:36:25 -0700, Michael Thomas wrote:
> > Taking an existing MIME body and wrapping that into some kind of
> > multipart is, essentially, trivial, and can be implemented in a
> > short Bourne shell script. The complexity and amount of MIME
> > awareness needed to generate an RFC1847-style multipart/signed
> > is *exactly* the same as is the one that is needed to create
> > what you call "RFC 2822-level signatures."

> And unwrapping?

You actually read my message?

| That said, there is some MIME-related complexity to parsing and
| verifying multipart/signed signatures -- you need to parse a single
| level of multipart/mixed (i.e., split things at appropriate
| boundaries).

(Technically, that shouldn't have been "/mixed", but just
"multipart". But that doesn't change the substance of what I
said...)

> And even for signing your statement is incorrect for at the very
> least one very common mail environment: sendmail/milter. To do
> MIME anything, you'd have to replace the body -- an expensive
> operation. You don't have to do that with DKIM.

That's a data point about one implementation's ability to change
e-mail bodies. Point taken.

However, it doesn't say much about the inherent difficulty of
producing a multipart/signed from an incoming message vs. performing
an RFC 2822 header signature.

Regards,
--
Thomas Roessler, W3C <tlr(_at_)w3(_dot_)org>
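
The wrap and unwrap steps discussed in this message, as an added example that is not part of the original thread: an existing message is wrapped into an RFC 1847-style multipart/signed, then verified by splitting a single level of multipart at the boundary. Assumptions: HMAC-SHA256 with a constructed key stands in for a real public-key signature, and the protocol value, boundary and sample message are made up for the illustration.

```python
import base64, hashlib, hmac, re

KEY = b"constructed-demo-key"            # assumption: demo key, stands in for a signing key
PROTOCOL = b"application/x-demo-hmac"    # hypothetical protocol value, not a registered type

def sign(entity: bytes) -> bytes:
    # Stand-in signature: HMAC-SHA256 over the exact bytes of the first body part.
    return base64.b64encode(hmac.new(KEY, entity, hashlib.sha256).digest())

def wrap(message: bytes, boundary: bytes = b"sig-boundary-1") -> bytes:
    head, _, body = message.partition(b"\r\n\r\n")
    content, other = [], []
    target = other
    for line in head.split(b"\r\n"):
        if line[:1] not in (b" ", b"\t"):   # a new header, not a folded continuation
            target = content if line.lower().startswith(b"content-") else other
        target.append(line)
    # Content-* headers move inside, next to the body they describe.
    entity = b"".join(l + b"\r\n" for l in content) + b"\r\n" + body
    delim = b"\r\n--" + boundary
    if delim in b"\r\n" + entity:
        raise ValueError("boundary occurs in the content; pick another one")
    ctype = (b'Content-Type: multipart/signed; protocol="' + PROTOCOL +
             b'"; micalg=sha-256; boundary="' + boundary + b'"')
    return (b"".join(l + b"\r\n" for l in other) + ctype + b"\r\n\r\n"
            + b"--" + boundary + b"\r\n" + entity
            + delim + b"\r\nContent-Type: " + PROTOCOL + b"\r\n\r\n" + sign(entity)
            + delim + b"--\r\n")

def verify(wrapped: bytes):
    # Parse one level of multipart: find the boundary, split, check the signature.
    head, _, rest = wrapped.partition(b"\r\n\r\n")
    m = re.search(rb'boundary="([^"]+)"', head)
    if not m:
        return False, b""
    parts = (b"\r\n" + rest).split(b"\r\n--" + m.group(1))
    if len(parts) != 4 or not parts[3].startswith(b"--"):
        return False, b""
    entity = parts[1][2:]                 # drop the CRLF that ends the delimiter line
    sig = parts[2][2:].partition(b"\r\n\r\n")[2]
    return hmac.compare_digest(sign(entity), sig), entity

# Constructed sample message (CRLF line endings, as on the wire).
SAMPLE = (b"From: alice@example.org\r\nSubject: test\r\nMIME-Version: 1.0\r\n"
          b"Content-Type: text/plain; charset=us-ascii\r\n\r\nHello,\r\nworld.\r\n")

if __name__ == "__main__":
    print(wrap(SAMPLE).decode())
    print(verify(wrap(SAMPLE))[0])
```

The signed bytes are the first part exactly as it sits between the delimiters, so any change to that part in transit (re-encoding, line-ending rewriting) makes verification fail.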