On Sun, 31 Jul 2005, Michael Thomas wrote:
Taking an existing MIME body and wrapping that into some kind of
multipart is, essentially, trivial, and can be implemented in a
short Bourne shell script. The complexity and amount of MIME
awareness needed to generate an RFC1847-style multipart/signed is
*exactly* the same as is the one that is needed to create what you
call "RFC 2822-level signatures."

And unwrapping? And even for signing your statement is incorrect
for at the very least one very common mail environment: sendmail/milter.
To do MIME anything, you'd have to replace the body -- an expensive
operation. You don't have to do that with DKIM.

Being MIME-aware does not mean the data has to go into a MIME part, and
there is no necessity to replace the body. META-Signatures is a good
example - it requires some MIME awareness (i.e. being able to see
MIME boundaries and find relevant MIME parts by content-id) but it does
not place the signature in a MIME multipart. And personally I think the days
of non-MIME-aware tools should be long over - email is now really a MIME
transport system, and ignoring that and reinventing PEM is not the way to
bring security into email in the 21st century.
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net