[Top] [All Lists]

Re: Protection of header elements in an S/MIME message

2005-01-23 22:09:02

I think that working on a specification in this area would help a lot of future efforts. I encourage the working group to discuss this topic at IETF 62. If there is consensus, then the WG should request an extension to the charter.


At 05:31 PM 1/11/2005, Jim Schaad wrote:

I think that we may need to revisit the issue of how S/MIME protects

In doing some consulting for other groups in the IETF I have found that
there are now four different groups that need a better solution to this

S/MIME - uses an encapsulated message  (message/rfc822)
SIP - uses an encapsulated message (message/sip)
PGP - uses an encapsulated message (message/rfc822) [I may be putting words
into the PGP working groups collective mouths]
MASS - a new proposed working group looking at providing authorization
information on e-mail messages - no current solution.

All of these groups would benefit if we define a standard way to allow for
inclusion of RFC822 headers in a message body along with rules for
comparision between the acutal header and the embedded header.

I would recommend looking at RFC 3261 section 23.4.1 for a description of
how SIP handled the comparison problem between the outer and inner headers.

The MASS group would not be open to saying that the correct answer is to
have an embedded message that is promoted when found.  I don't know if this
has been implemented by any S/MIME implemenation I would be surprised if it
was widely adopted.


<Prev in Thread] Current Thread [Next in Thread>