The subject line issue is not a problem in the X.400 world. SMTP carries
the subject line is in the envelope. The corresponding X.400 protocols
(P1, P3, and P7) do not. In X.400, the subject line is part of the content.
X.400 does have similar issues with TO, CC, and FROM. Both SMTP and
X.400 would like to integrity protect these.
X.400 also carries TO, CC, and FROM in the content.
I would like to steer this discussion toward a signed attribute (a CHOICE
of IA5String and UTF8String (for international characters that are coming
Since ASCII characters are encoded identically in a UTF8String and an IA5String
there is no need to introduce a CHOICE - keep it simple and just define the
syntax as UTF8String.
My initial cut at the header lines that ought to be included are FROM,
When displaying the originator of a signed message. S/MIME clients should
display the Name + RFC822Address from SubjectAltName from the Certificate that
signed the message in place of the FROM from the RFC822 Header. They should do
the same e.g. when constructing a reply. So I can see little point adding the
FROM into this proposed signed attribute. And I think that Paul Hoffman's
proposal (reproduced below) is more general, and altogether a better solution.
Instead, how about encouraging the use of multipart/mixed which
starts with text/rfc822-headers. Any headers in that first part are
to replace the same headers on display only.