ietf-smime
[Top] [All Lists]

Re: AW: Content Type for XML Objects

2008-04-09 12:25:55

Blake:

> The nice thing about S/MIME and PGP is that what's signed is "this string of > bits, exactly as is", without any need to perform impossible manipulations on
> it first like XMLdsig requires.

One way to avoid this temptation is to just leave it as "throw a MIME
Content-Type at the beginning of it with application/(something)+xml, mark it
id-data and call it S/MIME". The overhead does not seem significant (just the
additional header), and I don't know the utility of being able to identify it
as XML at the outer CMS wrapper.

I already proposed this before starting this thread. This is the response I got:

> Gah, please not MIME encoding.  We already have to have ASN.1 and XML
> libraries, I don't want to have to add a MIME library too.

As you can see, there is a strong preference to carry the XML object directly in CMS.

Russ