I have both a very basic and a very complicated answer to this
Is the message document correctly titled "How to do secure MIME with
CMS" or "How to do secure messaging with MIME and CMS"?
If the answer is the first, then this should be done. If the answer is
the latter (and this is the position that most people think from) then
this should not be done and a separate draft should be written on how to
do the additional CMS security types.
I don't really want to bifercate the current Message and Certificate
drafts to have different documents for both the first and the second
(although the latter documents would be a "simple" profile of the former
documents). But I think we need as a group to make a decision on what
document we are writing.
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Blake
Sent: Thursday, June 19, 2003 3:51 PM
To: 'Rohan Mahy'
Subject: RE: proposed addition to application/pkcs7-mime
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Rohan
Sent: Friday, June 06, 2003 7:59 PM
To: Blake Ramsdell
Cc: ietf-smime(_at_)imc(_dot_)org; rohan(_at_)cisco(_dot_)com
Subject: proposed addition to application/pkcs7-mime smime parameter
I have included some proposed text to add the other CMS types to the
smime-type mime parameter. Alternatively a new cms-type mime
could be defined, but this seems a but pedantic to me.
We are in a strange situation here, and I'd like to get
feedback on this. One side of me says that the
"application/pkcs7-mime" means "MIME packaged in PKCS #7
(which then became CMS) for the purpose of moving around
secured MIME entities". I don't know if it's a better idea
to a) overload the application/pkcs7-mime type to mean "CMS,
possibly not wrapped in MIME", or b) introduce
application/cms in a separate draft, along with a cms-type
parameter that explains the inner type.
I know that there was much discussion about application/xml
in a similar context, and I don't know if there's anything we
can learn from that in order to resolve this. It seems that
the application/xml semantic would be very similar to the
application/cms semantic, but I may not understand it correctly.
I'm going to release 2633bis-05 shortly, and if there's no
discussion on this topic I'm not going to include anything in
that draft. If it's important, we should work through it.