If you sign a compressed S/MIME message, then from an
application standpoint what is the meaning of signing
a compressed MIME payload component or compressed MIME
main body part?
A receiving application may expect that signing party
is cognizant of what is being sent in the SMIME message.
However, if the content that is signed is first compressed,
then the receiving party can not assume that that was the
case.
Hence, I would recommend that there be explicit processing
rules where we expect that sending SMIME apps first sign
the SMIME message part(s) and then compress. Receiving
applications first de-compress the message and then
verify the signature(s).
-----Original Message-----
From: Terry Harding [mailto:tharding(_at_)cyclonecommerce(_dot_)com]
Sent: Monday, February 25, 2002 2:25 PM
To: ietf-smime(_at_)imc(_dot_)org
Subject: Order of signing and compression operations.
All,
Does the S/MIME group have a preference on the order of operations when
signing and compressing a S/MIME
message when using the compressed data content type for cms.
Should compression occur before signing or should signing occur before
compression or maybe it does not matter.
Any guidance by the S/MIME group would be greatly appreciated.
Terry Harding
Cyclone Commerce