[Top] [All Lists]

Re: Issues with S/MIME Message Specification

1999-05-18 12:09:50
[Recipient list trimmed somewhat]

"Robert R. Jueneman" <bjueneman(_at_)novell(_dot_)com> writes:

Finally, somewhere in these documents there is a statement regarding the
advisability of including the content encryption key encrypted in the
originator's public key, but despite rereading the documents multiple
times I can't find that text again.  As I recall, the text said that this
SHOULD be done.  I would argue that this should be changed to MUST, for I
can't imagine a situation where the originator of an encrypted message
would not want to be able to read his own message, 

Given that anyone who wants to re-read their own messages will keep a copy 
stored locally, why on earth would they go through the complex encrypt->
decrypt process just to read what they've written?  I think even the presence
of SHOULD is too restrictire for this, it's purely a matter for the sender to
decide and doesn't really have any place in MSG - for the majority of users
all it'll do is double the number of keys available for attack.  Anyone who 
needs sent-mail revocation and whatnot desperately enough can go use X.400 
for their mail.