ietf-smime

Re: AW: Content Type for XML Objects

2008-04-09 00:42:47

On Wed, Apr 09, 2008 at 06:31:03PM +1200, Peter Gutmann wrote:
> The nice thing about S/MIME and PGP is that what's signed is "this string of
> bits, exactly as is", without any need to perform impossible manipulations on
> it first like XMLdsig requires.

One way to avoid this temptation is to just leave it as "throw a MIME
Content-Type at the beginning of it with application/(something)+xml, mark it
id-data and call it S/MIME". The overhead does not seem significant (just the
additional header), and I don't know the utility of being able to identify it
as XML at the outer CMS wrapper.

It also, of course, neatly sidesteps any issues relating to "the C word" since
it is already steeped in current practice to just leave the poor guy's bits
alone, as Peter points out.

Blake
-- 
Blake Ramsdell | Sendmail, Inc. | http://www.sendmail.com
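
The approach described in the message above, as an added example that is not part of the original post: the XML is wrapped in a MIME entity and the digest is taken over the entity bytes exactly as they are. The subtype `example+xml`, the sample XML, the helper names, and the use of SHA-256 are assumptions; the digest stands in for the CMS messageDigest over id-data content, and the signature over the signed attributes is left out.

```python
import hashlib
import hmac
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import SMTP

# Constructed sample payloads: the same XML infoset serialized two ways.
XML = b'<order id="42"><item qty="1">widget</item></order>'
RESERIALIZED = b"<order id='42'><item qty=\"1\">widget</item></order>"


def wrap_as_mime(xml: bytes, subtype: str = "example+xml") -> bytes:
    """Build the MIME entity (headers + body) that is carried as id-data."""
    msg = EmailMessage(policy=SMTP)  # SMTP policy emits CRLF line endings
    msg.set_content(xml, maintype="application", subtype=subtype, cte="base64")
    return msg.as_bytes()


def message_digest(entity: bytes) -> str:
    """Digest over the entity bytes as-is; no XML parsing or canonicalization."""
    return hashlib.sha256(entity).hexdigest()


def verify(entity: bytes, signed_digest: str) -> bool:
    """Recompute the digest over the received bytes and compare."""
    return hmac.compare_digest(message_digest(entity), signed_digest)


def extract_xml(entity: bytes) -> bytes:
    """Recover the XML only after verification, by ordinary MIME decoding."""
    return message_from_bytes(entity, policy=SMTP).get_content()


if __name__ == "__main__":
    entity = wrap_as_mime(XML)
    digest = message_digest(entity)
    print(entity.decode("ascii"))
    print("untouched entity verifies:", verify(entity, digest))
    # A gateway that parses and re-serializes the XML changes the signed bits.
    print("re-serialized XML verifies:", verify(wrap_as_mime(RESERIALIZED), digest))
    print("payload round-trips:", extract_xml(entity) == XML)
```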