Date: Wed, 26 Apr 95 10:27:17 -0400
From: Steve Kent <kent(_at_)bbn(_dot_)com>
. . .
The document entitiedl "Security Multiparts for MIME: Multipart/Signed
and Multipart/Encrypted" (draft-ietf-pem-sigenc-03.txt) has been
available for review for an even longer interval and thus I also am
issuing a last call for comments on this document as well.
Is the `multiparts' in the title an a priori goal?
In reading through the document, I didn't notice any mention of the
reasoning behind forcing the signature on a 7bit ascii message into
the body. This seems like a case where multiple parts are unnecessary.
Why not simply define the signature as a header field? Unless you are
encrypting a message or sending 8bit data, historical precedent would
seem to indicate that the signature should be in the header with the
rest of the message annotations.
In our independent implementations of mechanisms to annotate messages
with an X-PGP-Signed header field, Jack Repenning and I encountered
some minor issues, but certainly no show stoppers. Our mechanisms
interact well and each add (verify) a signature for the body,
excluding any trailing blank lines, into (from) the message headers.
--
Rick Busdiecker <rfb(_at_)lehman(_dot_)com> Please do not send electronic
junk mail!
Lehman Brothers Inc.
3 World Financial Center "Anonymity is a shield from the tyranny of the
New York, NY 10285-1100 majority." -- Justice John Paul Stevens, 19Apr95