My previous message to the list must have gotten lost somewhere. Here
it is again:
Paul Hoffman / IMC wrote:
** signedData vs. application/mime wording**
Section 3 talks a lot about what to do if the sender thinks that a signed
message will go through a gateway that will separate or change the message.
This has long been a contentious issue. Of the three implementations I know
of, Microsoft and Netscape never use either of the two protection
alternatives, and Deming will only send out signedData (I think).
My proposal, which wasn't all that well received, was that we move the
whole discussion to a short appendix that covers just what the two options
are, the brief advantages and disadvantages of each, says that as of today
no one has tested application/mime, says that receiving agents SHOULD
accept both, and you make your own decision. This does describe what the
current practice is, so it's an honest approach. It also lets implementors
figure out what works best for them. Let's remember that this a very
transport-related issue for a protocol that is supposed to be
transport-independent.
If you have a different idea of how to deal with the issue, please speak up!
I believe I've raised enough unresolved technical problems with
application/mime to warrant its removal from the document until such
time as the issues are resolved.