ietf-smime
[Top] [All Lists]

RE: Question about signing attachments separately

1998-01-28 10:09:30
Mark,

Using S/MIME, if you wish to both sign and encrypt a message, you sign, 
then encrypt the message as a single PKCS#7 body part.  The application 
first signs the message, using either the PKCS#7 SignedData construct, or 
RFC1847 multipart/signed (EDIINT currently supports the latter).  You then 
take either the SignedData or multipart/signed as the data input to 
encrypt, to be placed in the PKCS#7 EnvelopedData construct.  This is 
deemed as advantageous, as the signer of the document is not exposed.

Regards,
Karen


-------------------------------------------
Karen Rosenthal
Premenos, a Harbinger Corporation
1000 Burnett Ave
Concord, CA  94520

Email:  karenr(_at_)sfo(_dot_)harbinger(_dot_)com
Tel#:   1-510-688-2928
Fax#:   1-510-602-2133
Visit:  http://www.harbinger.com

-----Original Message-----
From:   Mark Vandenwauver 
[SMTP:Mark(_dot_)Vandenwauver(_at_)esat(_dot_)kuleuven(_dot_)ac(_dot_)be]
Sent:   Wednesday, January 28, 1998 2:23 AM
To:     ietf-smime(_at_)imc(_dot_)org
Subject:        Question about signing attachments separately

Hi all,

We are in the process of implementing S/MIME and me and my colleagues are
having a debate whether we will allow the software to sign and/or encrypt
attachments separately vs. signing/encrypting the whole mail message. Do
the S/MIME experts have any input on this matter ? What do you see as the
biggest advantages to each approach ?

Thanks in advance,

Mark

-----------------------------------------------------------------------

Mark Vandenwauver       email : 
vdwauver(_at_)esat(_dot_)kuleuven(_dot_)ac(_dot_)be
Assistant               www   : http://www.esat.kuleuven.ac.be/~vdwauver
K.U.Leuven ESAT-COSIC   phone : 32-16-321134
Kard. Mercierlaan 94            32-16-321050 (Secr.)
3001 Heverlee           fax   : 32-16-321986
BELGIUM