Jeff> Please don't read into my comments more then what was there. All I
was saying is that if you care about what information was signed, then you
should look only at the output of the de-enhancing process, not the
input to that process. Only the output can be reasonably guaranteed to
correspond to what was digitally signed.
Does anybody believe this? If they did, then the clear_sig option is a
bad mistake. Don't forget, the mail reader has limited control of the
processes that the mail goes through before he gets it and reads it.
This is true at least for the great majority of mail readers who are
not on this list. If the clear_sig option were eliminated, then the
user would not be able to view an signed message prior to "de-
enhancing". Then none of the problems cited earlier would exist.
The best way to eliminate the clear_sig "bug" is to eliminate clear_sig,
not to add requirements on the Presentation image to "correct" it.
Peace ..Tom