The stuff inside message/pem-clear and application/pem-encrypted is intended
to be a complete MIME object, with a content-type header and so on. If this
isn't clear the document needs to be changed so that it is. (Wording
recommendations are welcome!)
I think the confusion arises, to me at least, because of the following.
It is stated in the discussion of preparing a msg. for submission that
PEM enhancements can be applied to a MIME body part.
However, in the description of message/pem-clear and application/pem-encrypted,
it is not stated that the body part of these C-Ts is itself a MIME body part
with the appropriate PEM enhancements applied to the entire body part.
Got it. I'll see if I can't correct this in the next draft.
Also, you said something in your last msg. which confuses me. Why will
a gateway's change of the CTE possibly lead to a MIC verification error?
(Assuming that something like quoted printable or base64 is used.)
The CTE change in and of itself does not lead to an error; it is the change
of the CTE *label* that can lead to an error.
Let's say you have a multipart/mixed where the third part is 8bit and labelled
as follows:
    Content-Transfer-encoding: 8BIt
This is perfectly legal. The content is privacy-enhanced and goes merrily on
its way. Somewhere along the line a mailer has to convert it to 7 bit material.
It chose quoted-printable for this particular part and changes the header to:
    Content-Transfer-encoding: quoted-printable
Now the message reaches its destination and the integrity check has to be
computed. First of all, the current MIME-PEM spec says nothing about
re-canonicalization of subparts, but let's assume we add that. So this part
gets decoded. So how does it get labelled? (It could even have originally been
labelled as binary, but let's ignore that.) How does the recanonicalization
process know to produce the *exact* header line shown above, including the
funny choice of mixed case? And this is vital since the header itself is part
of the privacy-enhanced content.
There are an endless number of similar examples involving MTAs, gateways,
you name it.
Ned
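
The relabelling problem described in the message above, as an added Python example that is not part of the original thread. It assumes SHA-256 as a stand-in for the MIC algorithm and uses a constructed two-line ISO-8859-1 body; the function names are hypothetical.

```python
import hashlib
import quopri

CRLF = b"\r\n"
ORIGINAL_LABEL = b"Content-Transfer-encoding: 8BIt"  # legal, oddly cased, as in the message

def mic(part: bytes) -> str:
    # Stand-in digest (assumption). The point: the header lines are hashed too.
    return hashlib.sha256(part).hexdigest()

def relabel(part: bytes, label: bytes, recode) -> bytes:
    """Replace the CTE header line with `label` and pass the body through `recode`."""
    head, body = part.split(CRLF + CRLF, 1)
    lines = [label if l.lower().startswith(b"content-transfer-encoding:") else l
             for l in head.split(CRLF)]
    return CRLF.join(lines) + CRLF + CRLF + recode(body)

def sender_part() -> bytes:
    # Constructed sample body containing 8-bit characters.
    body = "Caf\u00e9 cr\u00e8me\r\nna\u00efve r\u00e9sum\u00e9\r\n".encode("latin-1")
    return (b"Content-Type: text/plain; charset=iso-8859-1" + CRLF
            + ORIGINAL_LABEL + CRLF + CRLF + body)

def gateway(part: bytes) -> bytes:
    # 7-bit hop: re-encode the body and change the label.
    return relabel(part, b"Content-Transfer-encoding: quoted-printable",
                   quopri.encodestring)

def recipient(part: bytes, guessed_label: bytes) -> bytes:
    # Undo the transfer encoding, then guess what the label originally said.
    return relabel(part, guessed_label, quopri.decodestring)

def demo() -> dict:
    sent = sender_part()
    in_transit = gateway(sent)
    guesses = [b"Content-Transfer-Encoding: 8bit",
               b"Content-Transfer-Encoding: binary",
               ORIGINAL_LABEL]
    # The body bytes are recovered in every case; only the label differs.
    return {g: mic(recipient(in_transit, g)) == mic(sent) for g in guesses}

if __name__ == "__main__":
    for label, ok in demo().items():
        print("MIC ok  " if ok else "MIC FAIL", label.decode())
```

Only the byte-exact original label reproduces the digest, which the recipient has no way of knowing after the gateway has rewritten it.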