=>
=> When receiving the message in a single pass, however, an application
=> needs to know the digest algorithm(s) for digesting the content.
=> Therefore, a signed message should have three parts: a declaration of
=> digest algorithms, the content, and the application/signature. For example:
=>
=> To: ned@innosoft.com
=> Subject: example #1
=> MIME-Version: 1.0
=> Content-Type: multipart/security; boundary="----- =Signature Boundary"
=>
=> ------- =Signature Boundary
=> Content-Type: application/digest-ids; protocol="pem"
=> Digest-ID: RSA-MD5
=>
Jeff,
The concern for one-pass processing is very valid, but the implementation is
questionable. It seems to me that one could with little effort pass the
"md5" information as a subtype of "multipart/security". Or maybe just consider
that we really have two types of "multipart/security":
1) multipart/signed, which is comprised of a plain text and
a signature - maybe with subtypes identifying the hash algorithm
(multipart/signed-md5?)
2) multipart/encrypted, which is comprised of a key description and
a cryptogram.
Encrypted and signed may be achieved by encapsulating a "signed" multipart
within an "encrypted" multipart.
Christian Huitema
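The one-pass point both messages turn on can be shown with a small script. This is an added example, not code from either post: it builds a message in the layout Christian sketches (hash algorithm announced on the outer multipart/signed, then the content, then the signature part) and verifies it in a single forward read, feeding the content to the MAC as it streams. The parameter name `micalg` is an assumption for where the algorithm is declared, a keyed HMAC (SHA-256 by default; pass `"md5"` to mirror the thread) stands in for an RSA signature so it runs offline, and the boundary and key are constructed values.

```python
import hmac

# Constructed example, not code from the thread. A shared HMAC key stands in
# for a real signature key so the example runs offline; the parameter name
# "micalg" is an assumption for how the hash algorithm is announced up front.
KEY = b"example-shared-key"
BOUNDARY = "=Signature Boundary"


def _content_type_params(header: str) -> dict:
    """Return the parameters of a Content-Type header as {name: value}."""
    params = {}
    for item in header.split(":", 1)[1].split(";")[1:]:
        name, _, value = item.strip().partition("=")
        params[name.lower()] = value.strip('"')
    return params


def build_signed_message(content: str, algorithm: str = "sha256") -> str:
    """Three-part layout: algorithm declared in the outer Content-Type,
    then the content part, then the signature part."""
    canonical = content.replace("\n", "\r\n").encode()
    tag = hmac.new(KEY, canonical, algorithm).hexdigest()
    return (
        "MIME-Version: 1.0\r\n"
        f'Content-Type: multipart/signed; micalg={algorithm}; boundary="{BOUNDARY}"\r\n'
        "\r\n"
        f"--{BOUNDARY}\r\n"
        "Content-Type: text/plain\r\n"
        "\r\n"
        f"{canonical.decode()}\r\n"
        f"--{BOUNDARY}\r\n"
        "Content-Type: application/signature\r\n"
        "\r\n"
        f"{tag}\r\n"
        f"--{BOUNDARY}--\r\n"
    )


def verify_single_pass(message: str) -> bool:
    """Verify the signature while reading the message exactly once. The
    algorithm must be known before the content arrives; otherwise the content
    would have to be buffered and re-read once the signature part names it."""
    lines = iter(message.split("\r\n"))
    params = {}
    for line in lines:                      # outer headers
        if line == "":
            break
        if line.lower().startswith("content-type:"):
            params = _content_type_params(line)
    if "micalg" not in params or "boundary" not in params:
        raise ValueError("hash algorithm and boundary must precede the content")
    delim = "--" + params["boundary"]
    mac = hmac.new(KEY, digestmod=params["micalg"])

    for line in lines:                      # preamble up to the first part
        if line == delim:
            break
    for line in lines:                      # content part headers
        if line == "":
            break
    first = True
    for line in lines:                      # content, fed to the MAC as it streams
        if line == delim:
            break
        if not first:
            mac.update(b"\r\n")             # the CRLF before the boundary belongs to the boundary
        mac.update(line.encode())
        first = False
    for line in lines:                      # signature part headers
        if line == "":
            break
    signature = next(lines).strip()
    return hmac.compare_digest(mac.hexdigest(), signature)


if __name__ == "__main__":
    msg = build_signed_message("hello\nworld")
    print(verify_single_pass(msg))                              # True
    print(verify_single_pass(msg.replace("world", "w0rld")))    # False: content altered
    try:
        verify_single_pass(msg.replace(" micalg=sha256;", ""))
    except ValueError as err:
        print("cannot verify in one pass:", err)
```

The third call shows the failure mode Jeff raises: strip the algorithm declaration from the outer header and the verifier has to give up before it has read any content, because it cannot know what to hash. Whether the algorithm travels as a parameter, as a subtype name like `multipart/signed-md5`, or as a leading `application/digest-ids` part, the requirement is the same: it has to appear before the content.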