think that the current SMIME implementation for labeling is too inflexible.This
is probably because it is modeled on a military world where a Top Secret
message stays Top Secret for ever.However,
in the commercial world a "Commercially Sensitive" document may become
"Public" overtime or because of a change of circumstances (details released
to Stock Markets, document signed off by marketing etc.).
in SMIME, the label of a message is signed with the content of the document
it is impossible for the label to be changed without re-computing a signature
on the content of the document.This
is erroneous since the person changing the label may not be the original
creator of the document contents.Hence
the proof-of-origin of the document will be lost.
I missed a way to do this in the current CMS/SMIME model? If not, I would
propose a scheme as follows:
new MIME entity application/pkcs7-labeled that has 2 parts:
that contains the document part of a multipart/signed entity and
- a MIME entity that contains a signed CMS object containing the label
and the original document's detached signature.The
latter signature is provided by the person who creates the message.The
outer signed CMS object is signed by the labeler of the document.Typically,
the signatories will be the same person.
approach allows labeled documents to be re-classified over time but keeps
the original document signature.