I see two problems of incompleteness with the current PEM/MIME
proposals:
(1) They are obviously incomplete since they only provide for PEM
secured messages and not for PGP secured messages. The format should
be general enough that one could send out a message with a PEM
signature and a PGP signature (and a DSS signature...) and be able to
handle the more ugly and hopefully less common case where you need
more than one cyphertext version due to different algorithms, etc.
(2) Soon, people are going to notice that when they reply to a message
and want to include an extract, they would like to have the extract
authenticated. The only way I can see to do this is to include all of
the message responded to, with its signature/certificates, and provide
a MIME body part that is in effect a window into this message. (Most
commonly to text but you might as well have a way to window into sound
or an image, etc.) This also has the nice effect that a reader could
be provided with a way to see all of the original message being
replied to to see that the extract was/was-not out of context. You
don't really want this "extract window" thing to be a multi-part with
the thing windowed into as the 2nd part or something (at least I don't
think so) as it is very common to have multiple windows into the same
base message. You want it identified by id and have it be somewhere
else with presentation to the reader normally suppressed.
Donald
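
The "extract window" idea in point (2), sketched as an added example that is not part of the original message: the base message travels once with its signature, and each window names it by id plus a byte range. The `SignedPart` and `Window` types are hypothetical, and HMAC-SHA256 with a constructed key stands in for a PEM or PGP signature.

```python
import hashlib
import hmac
from dataclasses import dataclass

DEMO_KEY = b"constructed-demo-key"  # assumption: stand-in for real signing keys

@dataclass
class SignedPart:   # hypothetical: full original message, carried once, display suppressed
    content_id: str
    body: bytes
    signature: str

@dataclass
class Window:       # hypothetical "extract window" part; many may share one base_id
    base_id: str
    offset: int
    length: int

def sign(body: bytes) -> str:
    # HMAC-SHA256 stands in for a PEM or PGP signature over the body.
    return hmac.new(DEMO_KEY, body, hashlib.sha256).hexdigest()

def resolve(window: Window, parts: dict) -> bytes:
    """Return the extract only if it lies inside a base message whose signature verifies."""
    base = parts.get(window.base_id)
    if base is None:
        raise ValueError("window refers to a missing base message")
    if not hmac.compare_digest(sign(base.body), base.signature):
        raise ValueError("signature on base message does not verify")
    end = window.offset + window.length
    if window.offset < 0 or window.length <= 0 or end > len(base.body):
        raise ValueError("window falls outside the signed body")
    return base.body[window.offset:end]

def context(window: Window, parts: dict, margin: int = 20) -> bytes:
    """Extract plus surrounding signed text, so a reader can judge the context."""
    resolve(window, parts)  # same checks as for the extract itself
    body = parts[window.base_id].body
    return body[max(0, window.offset - margin):window.offset + window.length + margin]

# Constructed sample: one signed original, two windows into it.
ORIGINAL = b"I do not think we should ship this draft as is.\n"
PARTS = {"<orig-1@example>": SignedPart("<orig-1@example>", ORIGINAL, sign(ORIGINAL))}
QUOTE = Window("<orig-1@example>", ORIGINAL.index(b"we should"), len(b"we should ship this draft"))
TAIL = Window("<orig-1@example>", ORIGINAL.index(b"as is"), len(b"as is."))

if __name__ == "__main__":
    print(resolve(QUOTE, PARTS), resolve(TAIL, PARTS))
    print(context(QUOTE, PARTS))
```
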
From: KLENSIN(_at_)infoods(_dot_)mit(_dot_)edu
To: ietf-822(_at_)dimacs(_dot_)rutgers(_dot_)edu
Reminder for those of you who are at IETF: In addition to the two
scheduled content subtype review sessions, there are other efforts going
on that should get careful review by the MIME community.
In particular, the WG that is working on PEM and its relationship with
MIME is meeting Wednesday at 1330. Since this work is critical to uses of
email and MIME that require authentication and interacts strongly with
other uses of MIME, I'd strongly encourage people to follow and
participate in the decisions being made there.
--john