[Top] [All Lists]

RE: Attempt to clear off the open issues

1997-07-28 13:31:00
At 4:12 PM -0700 7/25/97, Blake Ramsdell wrote:

But the problem is that you will not know which digest algorithm a
particular message part will need in order to complete its signature.
"rsa-md5", "pgp-md5" and "pkcs7-md5" are all legal values to identify
the MD5 algorithm (even though, as you will probably find out at some
point, the data that is presented to these hashing algorithms is not
completely derived from the content, but may also be found in the
signature part as well).  At some point someone will come up with
"zoondap" which happens to be MD5.  The only option you're going to have
in your case is to compute all of the hashes that you know how to do,
and then provide those to any plugin that might need them so that they
can make the determination if any of the hashes is suitable for their

I don't see that as a huge problem.  We already deal with C-T-E: x-uue,
uuencode, x-uuencode etc... I don't expect new hash algorithms to come
along very often so the code base won't change ofen and we'll have lots of
warning. The mapping table can be stored so it's easy to update to deal
with varying implementations (e.g. in a resource or the registry).

Also agree that applications should be prepared in case the micalg
parameter doesn't exist.


<Prev in Thread] Current Thread [Next in Thread>