pem-dev

Extra header fields

1994-10-15 15:27:00

Many mail applications ignore unrecognized header fields in order to
allow experimental fields and future expansion.  So consider the
following modified example from the PEM/MIME draft:

    Content-Type: multipart/signed; protocol="pem"; hashalg="md5";
      boundary="Signed Message"

    --Signed Message
    Content-Type: text/plain
    Note: please send refunded monies to Jeff Thompson

    We have returned item #4425 for full refund.

    --Signed Message
    Content-Type: application/signature

    <pemsig>
    --Signed Message--

The recipient may look at the original cleartext version of the
message and see the note to divert the refunded money.  The PEM
application will indicate that the signature is valid since the signed
text has not been altered.  Is this a security problem?  Some
possibilities:

A. It is not a problem since the MIME agent will process the formatted
message before the user sees it and only display the signed text.
(But then why did the MIME standard go to the trouble of making
unprocessed messages readable?)

B. The MIME agent should "beep real loud" when it comes across
unrecognized header fields.  (This makes it hard to use experimental
or new fields.)

C. It is serious enough that unrecognized fields should be disallowed.

D. Designing the standard to allow casual inspection of secured
messages is a Bad Idea. (Perhaps the message text should always be
base64 encoded.)

E. ...

I haven't formed any strong opinions yet about how to resolve this and
I'm interested in comments.

- Jeff
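
Option B from the message above, sketched as an added example that is not part of the original post and not code from any PEM implementation: a check that reports header fields in the body parts of a multipart/signed message that a MIME agent would silently skip, next to the text the agent would actually display. It assumes that any body-part field whose name does not begin with "Content-" counts as unrecognized (MIME gives defined meaning in body parts only to Content-* fields); the function names are hypothetical and the sample is the post's message, de-indented.

```python
from __future__ import annotations
from email import message_from_string

# Constructed sample: the message quoted in the post, de-indented.
SAMPLE = """\
Content-Type: multipart/signed; protocol="pem"; hashalg="md5";
  boundary="Signed Message"

--Signed Message
Content-Type: text/plain
Note: please send refunded monies to Jeff Thompson

We have returned item #4425 for full refund.

--Signed Message
Content-Type: application/signature

<pemsig>
--Signed Message--
"""


def unrecognized_part_fields(raw: str) -> list[tuple[int, str, str]]:
    """Return (part index, field name, field value) for every body-part
    header field that is not a Content-* field (assumed allowlist)."""
    msg = message_from_string(raw)
    if msg.get_content_type() != "multipart/signed" or not msg.is_multipart():
        return []
    findings = []
    for index, part in enumerate(msg.get_payload()):
        for name, value in part.items():
            if not name.lower().startswith("content-"):
                findings.append((index, name, value))
    return findings


def displayed_text(raw: str) -> str:
    """Return what a MIME agent would show for the first body part:
    its content only, with the part's header fields dropped."""
    msg = message_from_string(raw)
    return msg.get_payload()[0].get_payload()


if __name__ == "__main__":
    for index, name, value in unrecognized_part_fields(SAMPLE):
        print(f"part {index}: unrecognized field {name!r}: {value}")
    print("agent displays:", displayed_text(SAMPLE).strip())
```

The flagged field appears in the raw message but not in the displayed text, which is the gap between options A and B.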

