Russ,
You made some comments which stirred some discussion. I won't comment
on the discussion except to use your note to confirm the outcome.
I assume that a MIME message body can be both signed and
encrypted by applying both multipart/signed and
multipart/encrypted. First, I think that this should be stated
explicitly.
It is interesting that the words you chose to describe the desired
feature are not explicitly present. However, from a MIME viewpoint,
what you desire is present insofar as each of the definitions specifies
that the content type is applied to an arbitrary body part, i.e., there
are no restrictions whatsoever on what can be signed or encrypted. If
your suggestion is to add an example demonstrating that both may be
applied to an arbitrary body part, we can do that.
I should point out that previous versions of the PEM-MIME spec (as
opposed to the Security Multiparts spec under discussion) included many
examples of how the body parts could be combined. They were not
included in Version 6 of that document because we had not completed the
implementation, yet, and so could not generate real examples.
Second, the order of the encapsulation is very
important. In general, the digital signature should be applied
before encryption. If the message is signed before it is
encrypted, then the signed MIME message body can be forwarded to
another recipient. However, if the message is encrypted
before it is signed, then forwarding the signed MIME message body to
another recipient is not sufficient for that user to process the
message; the user should not have the keys to decrypt the signed
ciphertext.
While there might be some esoteric cases where the ciphertext
MIME message body should be signed, I do not believe that this is
the normal case. I suggest that a section be added to the ID
which details this relationship.
We welcome your opinion, Russ; however, we've also heard alternate
opinions. Peter Williams detailed one example in the discussion which
followed. Another example used in the commercial community is the
desire to be able to send a note to both a person and the person's
secretary. In this way, a secretary could be alerted to the urgency of
a message although the secretary would not be able to process the
message on behalf of the person.
In the specification, we'll add a few sentences about how they might be
combined but we'll leave the semantics of the combinations for those
applications that use them.
Jim
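The encapsulation order discussed in this message can be read off a message's MIME structure without holding any key. The following is an added example, not part of the original message or of the specification: it reports which security multiparts are visible and flags a signature computed over ciphertext. The `application/x-example-*` content types, the boundaries and the payloads are constructed placeholders.

```python
from email import message_from_string

# Constructed samples: boundaries, protocol names and payloads are placeholders.
ENCRYPTED = '''Content-Type: multipart/encrypted; boundary="enc";
 protocol="application/x-example-keys"

--enc
Content-Type: application/x-example-keys

(placeholder key information)
--enc
Content-Type: application/octet-stream

(placeholder ciphertext; may hide a multipart/signed body)
--enc--
'''
# Encrypt-then-sign: the signature covers the ciphertext part above.
SIGNED_CIPHERTEXT = ('Content-Type: multipart/signed; boundary="sig";\n'
    ' protocol="application/x-example-signature"\n\n--sig\n' + ENCRYPTED +
    '\n--sig\nContent-Type: application/x-example-signature\n\n'
    '(placeholder signature)\n--sig--\n')

SECURITY_TYPES = ("multipart/signed", "multipart/encrypted")

def visible_layers(msg):
    """Security multiparts visible without any key, outermost first."""
    layers, part = [], msg
    while part.get_content_type() in SECURITY_TYPES:
        layers.append(part.get_content_type())
        children = part.get_payload()
        # Only multipart/signed exposes its content: the first body part.
        if (layers[-1] == "multipart/encrypted"
                or not isinstance(children, list) or not children):
            break
        part = children[0]
    return layers

def classify(raw):
    layers = visible_layers(message_from_string(raw))
    if layers[:2] == ["multipart/signed", "multipart/encrypted"]:
        # A forwarded copy verifies, but is unreadable without the decryption key.
        return "signature over ciphertext"
    if layers[:1] == ["multipart/encrypted"]:
        return "encrypted outermost"  # any signature is inside the ciphertext
    if layers[:1] == ["multipart/signed"]:
        return "signed cleartext"
    return "no security multipart"

if __name__ == "__main__":
    for name, raw in (("encrypt-then-sign", SIGNED_CIPHERTEXT), ("encrypted", ENCRYPTED)):
        print(name, "->", classify(raw))
```
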