[Top] [All Lists]

Re: Protection of header elements in an S/MIME message

2005-02-01 13:37:07

Jim Schaad wrote:
Actually given the text that you have in the message draft, I consider it to
be useless and I don't know of anybody who is going to be able to deal well
with the message.  Its not very backwards compatable (i.e. no current
implementation will handle it well) and its not well defined for how header
comparision is done.

Ouch. But yes, you're absolutely correct that nobody will be able to deal well with the message (with the definition of "well" being defined as "merging the headers in an unambiguous way that represents both the intent of the sender and the desire of the receiver").

Since MASS is not using S/MIME in any way shape or form, I doubt you are
offending them.

I am offending them in that the way I would solve this problem is by putting headers in an inner attachment, which you've pointed out (twice) is a non-starter for them. If we try to come up with a unified mechanism for doing this, my strawman would be:

1. Inner message/rfc822

2. Rules for merging headers

3. What to do about required external headers and how to placate people who require them ("placebo" headers)

If anyone's interested, there are at least two relevant threads in the archive:

"Protecting fields via message/rfc822 and merging issues"

"The subject line leakage problem"

Blake Ramsdell | Sendmail, Inc. |