In the hopes of getting closer to consensus, I'm clearing the slate.
I think we've determined that there is still a need to have two formats,
one that is suited to preserving content, and one that is suited to
preserving signatures. Because we have not been able to arrive at one
format that satisfies both goals, two formats are needed. Because we
have two formats, it is a client determination as to which one gets
sent.
The choice of multipart/signed for content preservation seems
uncontested. Thank goodness.
For signature preservation, three proposals exist. These proposals and
some of their criticisms are:
1. signedData. Only works for PKCS #7 data and is unreadable by
non-S/MIME agents.
2. application/mime. Very generic, so intermediate processors will be
tempted to monkey with it as regular MIME data. Pretty much unreadable
by any current mail agent. MIME tools exist that can process the data.
3. application/signed. Less generic, but still interesting to
intermediate processors. Pretty much unreadable by any current mail
agent. MIME tools exist that can process the data.
Some of their strengths are:
1. signedData. More resilient against peeking inside of it (significant
code is needed to get at the inner MIME data).
2. application/mime. Very generic. Mail clients will soon support it
and its semantics of "if you don't understand what I am, don't try to
parse me".
3. application/signed. Generic in that it represents the encapsulation
of any type of multipart/signed entity (MOSS, S/MIME, PGP, FOO, etc.)
Better semantics than application/mime for this particular case (it
always represents the armoring of signed content).
I can give my opinion: let's talk about application/signed some more
because I like it better than the other two for this particular case. I
don't think that application/mime is not useful, but I do think that
application/signed has better semantics for what we are trying to
accomplish.
Blake
--
Blake C. Ramsdell
Deming Internet Security, a Worldtalk Company
For current info, check http://www.deming.com/users/blaker
Voice +1 425 882 8861 x103 Fax +1 425 882 8060
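The trade-off the message above weighs, content preservation against signature preservation, can be shown concretely. The Python below is an added example, not code from Blake's message or from any S/MIME implementation: it builds a multipart/signed entity, armors that same entity as an opaque application/signed body (the proposed type from the thread, assumed here and not a registered MIME type), and runs both through a constructed intermediate that appends a footer to every text/plain part it recognises. An HMAC-SHA256 over the RFC 1847 canonical form stands in for the PKCS #7 detached signature so the example runs on the standard library alone; the sample message, key, boundary and gateway behaviour are all constructed for the example.

```python
"""Constructed example: content preservation vs. signature preservation.
Assumptions: HMAC-SHA256 stands in for the PKCS #7 detached signature, and
application/signed is the thread's proposed (unregistered) type."""
import base64
import email
import email.policy
import hashlib
import hmac
import re

BOUNDARY = b"sigbound"  # constructed; real agents generate a random boundary
CRLF_POLICY = email.policy.compat32.clone(linesep="\r\n")

def canonicalize(data: bytes) -> bytes:
    """RFC 1847 canonical form: every line ends in CRLF before signing."""
    return data.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")

def sign(body_part: bytes, key: bytes) -> bytes:
    """Stand-in for the detached PKCS #7 signature (assumption: HMAC-SHA256)."""
    return hmac.new(key, canonicalize(body_part), hashlib.sha256).digest()

def build_multipart_signed(body_part: bytes, key: bytes) -> bytes:
    """Wrap one MIME body part and its detached signature per RFC 1847."""
    sig = base64.b64encode(sign(body_part, key))
    return b"".join([
        b"MIME-Version: 1.0\r\n",
        b'Content-Type: multipart/signed; protocol="application/pkcs7-signature";\r\n',
        b' micalg=sha-256; boundary="', BOUNDARY, b'"\r\n\r\n',
        b"--", BOUNDARY, b"\r\n", canonicalize(body_part),
        b"\r\n--", BOUNDARY, b"\r\n",
        b'Content-Type: application/pkcs7-signature; name="smime.p7s"\r\n',
        b"Content-Transfer-Encoding: base64\r\n\r\n", sig,
        b"\r\n--", BOUNDARY, b"--\r\n",
    ])

def split_multipart_signed(raw: bytes):
    """Return (signed body part, signature).  Per RFC 2046 the CRLF before a
    boundary delimiter belongs to the delimiter, not to the preceding part."""
    boundary = re.search(rb'boundary="([^"]+)"', raw).group(1)
    pieces = raw.split(b"\r\n--" + boundary)
    # pieces[0] is the entity header; each body part starts with the delimiter's CRLF
    body_part, sig_part = (p[2:] for p in pieces[1:3])
    return body_part, base64.b64decode(sig_part.split(b"\r\n\r\n", 1)[1])

def verify_multipart_signed(raw: bytes, key: bytes) -> bool:
    body_part, sig = split_multipart_signed(raw)
    return hmac.compare_digest(sign(body_part, key), sig)

def wrap_application_signed(entity: bytes) -> bytes:
    """Armor a whole multipart/signed entity as one opaque base64 body."""
    b64 = base64.encodebytes(entity).replace(b"\n", b"\r\n")
    return (b"MIME-Version: 1.0\r\nContent-Type: application/signed\r\n"
            b"Content-Transfer-Encoding: base64\r\n\r\n" + b64)

def unwrap_application_signed(raw: bytes) -> bytes:
    """Only an agent that knows application/signed can get back inside."""
    msg = email.message_from_bytes(raw)
    if msg.get_content_type() != "application/signed":
        raise ValueError("not an application/signed entity")
    return msg.get_payload(decode=True)

def gateway(raw: bytes) -> bytes:
    """Constructed intermediate that treats the message as ordinary MIME: it appends
    a footer to every text/plain part it can see and re-serializes the message."""
    msg = email.message_from_bytes(raw)
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            part.set_payload(part.get_payload() + "\r\n-- \r\nScanned by example-gateway\r\n")
    return msg.as_bytes(policy=CRLF_POLICY)

def readable_text(raw: bytes):
    """What a MIME agent with no S/MIME support can show the user, if anything."""
    for part in email.message_from_bytes(raw).walk():
        if part.get_content_type() == "text/plain":
            return part.get_payload(decode=True).decode("ascii").strip()
    return None

def demo(key: bytes = b"constructed-demo-key") -> dict:
    body_part = (b"Content-Type: text/plain; charset=us-ascii\r\n\r\n"
                 b"Hello, the meeting is at 10:00.")  # constructed sample
    clear = build_multipart_signed(body_part, key)
    opaque = wrap_application_signed(clear)
    return {
        "clear_readable": readable_text(clear),
        "clear_verifies": verify_multipart_signed(clear, key),
        "clear_verifies_after_gateway": verify_multipart_signed(gateway(clear), key),
        "opaque_readable": readable_text(opaque),
        "opaque_verifies_after_gateway": verify_multipart_signed(
            unwrap_application_signed(gateway(opaque)), key),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Running demo() shows the two properties pulling apart: the multipart/signed form stays readable to an agent that knows nothing about S/MIME, but its signature no longer verifies once the gateway has edited the text part, while the armored form comes through the same gateway with a verifiable signature and shows the non-S/MIME agent nothing at all. That is the reason the message above settles on two formats and leaves the choice between them to the sending client.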