Russ,
Any reply helps, as it opens up valuable discussion on how various
implementers use the standard.
In my case, I was looking for a MIME parameter to identify cryptographic
message construction beyond the outermost layer. Such a mechanism would
permit software to distinguish, for example, encrypted messages from signed
then encrypted messages, without having to do any expensive cryptographic
processing (and without having to transfer the cryptographic attachment from
a remote folder). I guess what I was hoping for was an smime-type value
that could represent multiple S/MIME layers.
ContentHint doesn't meet the requirements as it is a signedAttribute and
would require at least some cryptographic processing to obtain.
Furthermore, a signedAttribute does not help in the case where the outer
layer is an encryption layer. Adding an extra outer signature layer for the
sake of including a ContentHint may be prohibitive with respect to overall
message size.
I do appreciate the response. Thank you.
Darrell
-----Original Message-----
From: Russ Housley [mailto:housley(_at_)vigilsec(_dot_)com]
Sent: Wednesday, September 10, 2003 4:38 PM
To: Darrell(_dot_)Dykstra(_at_)entrust(_dot_)com; ietf-smime(_at_)imc(_dot_)org
Subject: RE: Determining if a message has multiple layers without processing
any of them
Darrell:
Please take a look at RFC 2634, section 2.9. The outer-most CMS wrapper
should tell what content type is contained in the inner-most wrapper. Does
this help, even though it is much delayed?
Russ
-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org]
Sent: Saturday, June 14, 2003 7:43 AM
To: 'ietf-smime(_at_)imc(_dot_)org'
Subject: Determining if a message has multiple layers without processing
any of them
Hello,
I am currently attempting to determine if there is anything in the S/MIME
standard that would allow me to determine if a message was, for example,
signed then encrypted, without processing any of the security layers.
My understanding of the smime-type parameter is that it only applies to the
current layer of security, so for example, a message that was signed and
then encrypted will have an outer smime-type of enveloped-data with no clue
that there is a signature layer within.
Any insight into this is much appreciated.
Thanks,
Darrell