[Top] [All Lists]

multipart/signed clarifications

2001-10-05 11:48:52

Siegfried Schmitt mentioned in private email that using S/MIME with detached
signatures (multipart/signed) could use some clarification, and I agree.
There is always confusion about what exact data needs to be digested in
order to create the signature.  However, this is a problem that transcends
all multipart/signed implementations, and is not just limited to S/MIME.

Off the top of my head, I see some options:

1. Create a new draft to supplement RFC1847 ("implementation notes for
security multiparts")

2. Reissue RFC1847 with modifications

3. Stick some more verbiage in the new MSG draft, along with some examples

These are in order of my personal preference.  I know that there are
implementors out there that can contribute to this, and I know that OpenPGP
uses RFC1847 also, so a separate draft benefits everyone.

Any comments?

Blake C. Ramsdell, Tumbleweed Communications
Voice +1 425 376 0225 x103  Fax +1 425 376 0915

<Prev in Thread] Current Thread [Next in Thread>