-----Original Message-----
From: Peter Hesse [mailto:pmhesse(_at_)geminisecurity(_dot_)com]
Sent: Thursday, April 22, 2004 7:27 PM
To: 'Blake Ramsdell'; 'Russ Housley'; ietf-smime(_at_)imc(_dot_)org
Subject: RE: RE: Last Call: 'S/MIME Version 3.1 Message
Specification' to Proposed Standard
Perhaps the best case for the "From mangling" problem being
prevalent is
found if you look at the IETF-S/MIME archive page and look at
the first
message I sent:
http://www.imc.org/ietf-smime/mail-archive/msg01800.html
You will see the second complete paragraph begins with
">From". I sent it
as "From". So, whatever mail transfer agent received this message and
posted it to the archive was subject to this problem.
Well, hang on, you had a particular case involving a particular set of
agents (including a) a user agent that wasn't smart enough to escape the
From at the desktop, and b) an MTA that chose to introduce the escape on
his side). The clients that I use happen to protect you from this
(independent of their S/MIME support), so personally, I haven't seen it
before.
I'm not saying that I can't conceive of a case where this happens, what
I'm saying is "if we add this, then are there other cases we need to
consider where MTAs munge content and how clients should defend against
that" as well as "is this issue important enough for us to call out
specifically".
In any case, the current path is a non-normative paragraph as Paul
suggested, which covers MTA munging in general.
Blake