At 07:43 PM 3/27/98 -0800, John Ross wrote:
> I think you have some valid arguments, I also agree that the current X.411
> printable string syntax has its limitations in an international scenario.

Two things here. One, calling it the "international scenario" is kind of
insulting: the native languages for more than three quarters of the world's
population need non-PrintableString characters. Two, you have to remember
the "Internet scenario": you can't use Internet mail addresses in
PrintableString because of the lack of "@" in the charset.

> But I disagree when you imply that a signed security label can be changed
> when it passes through a gateway, the aim is for as much interoperability as
> possible, so the signatures of data objects which are not translated by
> gateways can be applied end to end. In that case the security label cannot
> be translated.

I think you misunderstand what a gateway does. It converts from one
protocol to another. If the conversion cannot be done cleanly, it does the
best job possible. If bits of a signed message need to be changed across
the gateway, the gateway should:
1) validate the signature on the incoming message
2) convert as little as needed
3) create a message signed by the gateway that includes the incoming
validation status and the new, converted message
I think the gateway issue, particularly to a non-IETF protocol, is well
outside the charter of this group.
--Paul Hoffman, Director
--Internet Mail Consortium
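
Added example, not part of the original message: a sketch of the three gateway steps listed above, showing that the recipient relies on the gateway's signature and on the validation status recorded inside it. HMAC-SHA256 stands in for real public-key signatures, and the keys, field names and the "@" to "(a)" label mapping are assumptions of this example.

```python
import hashlib
import hmac
import json

# Constructed demo keys. HMAC-SHA256 is a stand-in for the public-key
# signatures a real deployment would use (assumption of this example).
SENDER_KEY = b"constructed-sender-key"
GATEWAY_KEY = b"constructed-gateway-key"

def canonical(obj):
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def sign(key, payload):
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def verify(key, payload, tag):
    return hmac.compare_digest(sign(key, payload), tag)

def convert_label(message):
    # Step 2: convert as little as needed. Only the label is rewritten;
    # the "@" -> "(a)" mapping is a hypothetical PrintableString-safe form.
    converted = dict(message)
    converted["label"] = message["label"].replace("@", "(a)")
    return converted

def gateway_relay(message, sender_tag):
    # Step 1: validate the signature on the incoming message.
    ok = verify(SENDER_KEY, canonical(message), sender_tag)
    status = "valid" if ok else "invalid"
    # Step 2: minimal conversion of the parts that cannot cross as-is.
    converted = convert_label(message)
    # Step 3: the gateway signs the validation status and the converted message.
    envelope = {"incoming_signature_status": status, "message": converted}
    return envelope, sign(GATEWAY_KEY, canonical(envelope))

def recipient_accepts(envelope, gateway_tag):
    # The recipient checks the gateway's signature first, then the recorded status.
    return (verify(GATEWAY_KEY, canonical(envelope), gateway_tag)
            and envelope["incoming_signature_status"] == "valid")

if __name__ == "__main__":
    msg = {"body": "quarterly figures", "label": "owner@example.org"}  # constructed
    tag = sign(SENDER_KEY, canonical(msg))
    env, gtag = gateway_relay(msg, tag)
    print(env, recipient_accepts(env, gtag))
```

The original sender's signature no longer verifies against the converted message, so end-to-end assurance is replaced by trust in the gateway's key.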