i don't see this as an issue of signing the message body vs. not signing it.
everyone agrees that it's best to sign everything.
the question is whether to allow & how to implement:
* multiple signatures on a messages
* different signatures on different parts
both are fundamental for integrating S/MIME into forms routing applications.
example 1: i have a vacation request. this will get routed and signed by
manager, HR, etc. nothing about the document will be changed.
example 2: i have a reimbursement form. this gets routed to my manager, who
signs it unchanged, then to accounting, who signs it and adds information such
as the check #, the date the check, etc.
is S/MIME going to be compatible with these simple forms routing examples?
At 4:20 PM -0800 1/29/98, Blake Ramsdell wrote:
On Thursday, January 29, 1998 9:10 AM, Russ Housley
[SMTP:housley(_at_)spyrus(_dot_)com] wrote:
I have a preference for signing the whole message. The cover note can
greatly change the meaning or actions expected.
I agree with this also -- Andrew pointed out a good Ned message from a
past thread dealing with this issue and the possible problems. We can
discuss anything that wasn't covered back then, or revisit those
arguments in light of new information, but I think we covered it pretty
well.
Blake
--
Blake C. Ramsdell
Worldtalk Corporation
For current info, check http://www.deming.com/users/blaker
Voice +1 425 882 8861 x103 Fax +1 425 882 8060
______________________________________________________
Jonathan Penn
Ferris Research, Inc.
408 Columbus Avenue, Suite #1
San Francisco, CA 94133
Tel: +1 415 986 1414 Fax: +1 415 986 5994
http://www.ferris.com mailto:jonathan(_dot_)penn(_at_)ferris(_dot_)com
Analysis of messaging, directories, security,
and messaging-related applications.
______________________________________________________