[Top] [All Lists]

RE: Protection of header elements in an S/MIME message

2005-01-12 11:59:49

Jim Schaad <jimsch(_at_)exmsft(_dot_)com> wrote:

I think that we may need to revisit the issue of how S/MIME 
protects headers.

In doing some consulting for other groups in the IETF I have 
found that there are now four different groups that need a 
better solution to this

S/MIME - uses an encapsulated message  (message/rfc822)
SIP - uses an encapsulated message (message/sip)
PGP - uses an encapsulated message (message/rfc822) [I may be 
putting words into the PGP working groups collective mouths] 
MASS - a new proposed working group looking at providing 
authorization information on e-mail messages - no current

All of these groups would benefit if we define a standard way 
to allow for inclusion of RFC822 headers in a message body 
along with rules for comparision between the acutal header 
and the embedded header.

I would recommend looking at RFC 3261 section 23.4.1 for a 
description of how SIP handled the comparison problem between 
the outer and inner headers.

The MASS group would not be open to saying that the correct 
answer is to have an embedded message that is promoted when 
found.  I don't know if this has been implemented by any 
S/MIME implemenation I would be surprised if it was widely

Actually, it strikes me that S/MIME, SIP and PGP have all adopted
the same solution: encapsulate what you want protected.  They've
just have taken slightly different approaches to how you deal
with what's there.  I'm curious as to why MASS would not be open
to this type of approach.

It has always seemed to be that it would be easy to have a
general attribute that could contain any RFC 822 header.  Of
course, you STILL have to specify how and to what extent matching
is done... which would probably have to be application specific.
So we're right back to where we are today.


<Prev in Thread] Current Thread [Next in Thread>