[Top] [All Lists]

[ot] Re: SMIME and disclaimers

2003-02-17 11:47:52
On Monday 17 February 2003 17:24, chris(_dot_)gilbert(_at_)royalmail(_dot_)com 
The multipart nature of MIME suggests
that it is at least plausible to place the disclaimer in its own MIME
boundary such that it doesn't interfere with signed portions in the
parts of the message that originate at the client.

The application adding the disclaimer needs to be fully MIME-aware and 
needs to be able to re-arrange the MIME body parts if necessary. Just 
appending the disclaimer in plain text, US-ASCII form works only for 
messages with text/plain top-level content-type and a charset that 
contains US-ASCII as a subset (e.g. iso-8859-*, utf-8).

A more intelligent approach would be to find the last MIME boundary, 
remove everything after and including the trailing double hyphen, and 
add something like:
Content-Type: text/plain; charset=us-ascii
Content-disposition: inline

<disclaimer goes here>
but that fails for multiparts with a fixed number of required children, 
e.g. multipart/signed, which needs to have exactly two children.

For coping with these messages, you have three options:
1. Lock down the signature (not the digital signature, but the message
   footer) to use for your users, if your mailer supports that (e.g.
   KMail does), so it includes the disclaimer and cannot be changed by
   the user.
2. Use an application that is dumb and just appends the disclaimer as
   text, like e.g. mailman does. Then you have to hope that all the
   recipients use MUAs that show the epilogue of mails if it looks
   interesting. Don't hold your breath...
3. Use an intelligent application to append the disclaimer, one that can
   re-arrange the MIME body structure to fold the current content into
   an additional multipart/mixed if needed to append the text/plain
   disclaimer and hope that recipient's clients can cope with deeply
   nested MIME body structures.

I guess your best bet is to look up the admin's handbook of your users' 
MUAs and see if (1) is an option.


"You're hackers, aren't you," the barman said, eyeing us. No one said
a thing. The darkness of the Eurotunnel rolled by. Apparently we'd
given ourselves away by talking too enthusiastically about IPv6. He
looked around conspiratorially, lowered his voice. "Can you get me
some credit card numbers?"
      -- James J. King "What's the shortest way to hack a Linux box?"
         Telepolis 2001/08/11 (#9293)

Attachment: pgpAvZBIF47ED.pgp
Description: signature

<Prev in Thread] Current Thread [Next in Thread>