Blake:
> The nice thing about S/MIME and PGP is that what's signed is "this string of
> bits, exactly as is", without any need to perform impossible manipulations on
> it first like XMLdsig requires.
One way to avoid this temptation is to just leave it as "throw a MIME
Content-Type at the beginning of it with application/(something)+xml, mark it
id-data and call it S/MIME". The overhead does not seem significant (just the
additional header), and I don't know the utility of being able to identify it
as XML at the outer CMS wrapper.
I already proposed this before starting this thread. This is the
response I got:
> Gah, please not MIME encoding. We already have to have ASN.1 and XML
> libraries, I don't want to have to add a MIME library too.
As you can see, there is a strong preference to carry the XML object
directly in CMS.
Russ