On Wed, Sep 07, 2005 at 03:56:58PM -0700, Wim Lewis wrote:
The existing 'b', 't', etc. tags could then be defined as shorthands
for particular MIME headers (content-type and charset).
I disagree, because these tags convey a slightly different (lower-level)
meaning than the mime headers. Also, the above suggestion would be a
security hazard, since the literal packet's tag is not hashed and can be
therefore altered in a signed message, without breaking the signature.
PGP/MIME headers, on the other hand, are included in the hashed material, so
they are part of the signed message.
I would suggest the following modification of RFC2440bis-14:
Do you mean removing the 't' and 'u' tags? Or supplementing them with
'm'?
Supplementing with 'm', of course. Removing 't' and 'b' tags (what's 'u'?)
would break almost everything.
--
Daniel