On Wed, 4 Jan 1995, Steve Crocker wrote:
At 6:17 PM 1/4/95, Mr Rhys Weatherley wrote:
The only suggestion that I have for the multipart stuff is that of
distributing key data. i.e. putting the key data in as an optional third
body part.
Rhys,
What's your feeling about using the MIME multipart mechanism to transmit
both a MIEM-PEM message and key data instead of extending the security
multipart? In symbolic terms, taking a bit of license with terminology,
the comparison between what exists and what you're proposing is something
like:
mp_mix(mp_sec(app_enc(M),app_keys(K)),app_keydata(KK)) vs
mp_sec(app_enc(M),app_keys(K),app_keydata(KK))
Either is fine with me, which is why I'm not making this a showstopper
issue.
For the time being, I cannot conceive of sending a message without also
sending the key data along with it, so the nested structure would always
be there in practical messages. From a purely "nice looking" point of
view, the second is nicer on the eyes of people without MIME or PEM
software who are reading signed messages. If "nice looking" is not a goal
of the security multiparts, then I withdraw my suggestion.
Cheers,
Rhys.
--
Rhys Weatherley, Queensland University of Technology, Brisbane, Australia.
E-mail: rhys(_at_)fit(_dot_)qut(_dot_)edu(_dot_)au "net.maturity is knowing
when NOT to followup"