That's right -- I said "with some examples" for the MSG draft, but not for
any of the other options. Yes, there would be examples in all cases to
illustrate the exact octets for digesting.
I am working on the MSG and CERT drafts right now, but I will do this
afterwards at least as a strawman for discussion.
Blake
-----Original Message-----
From: Housley, Russ [mailto:rhousley(_at_)rsasecurity(_dot_)com]
Sent: Friday, October 05, 2001 1:51 PM
To: Blake Ramsdell
Cc: 'ietf-smime(_at_)imc(_dot_)org'
Subject: Re: multipart/signed clarifications
Blake:
I like #1, as long as it includes some examples.
Russ
At 11:48 AM 10/5/2001 -0700, Blake Ramsdell wrote:
Siegfried Schmitt mentioned in private email that using S/MIME with
detached
signatures (multipart/signed) could use some clarification, and I agree.
There is always confusion about what exact data needs to be digested in
order to create the signature. However, this is a problem that transcends
all multipart/signed implementations, and is not just limited to S/MIME.
Off the top of my head, I see some options:
1. Create a new draft to supplement RFC1847 ("implementation notes for
security multiparts")
2. Reissue RFC1847 with modifications
3. Stick some more verbiage in the new MSG draft, along with some examples
These are in order of my personal preference. I know that there are
implementors out there that can contribute to this, and I know that OpenPGP
uses RFC1847 also, so a separate draft benefits everyone.
Any comments?
Blake
--
Blake C. Ramsdell, Tumbleweed Communications
Voice +1 425 376 0225 x103 Fax +1 425 376 0915