Message authorized by:
: wford(_at_)bnr(_dot_)ca@INTERNET at #EMAIL
from Warwick
Your words just about do it. However, I feel the description should
suggest/recommend (?) having the object conveying the certificate(s)
precede the signed object in the message, to enable the signature
to be processed without lookahead in the message.
Since this seemed close .... with a little merging ... how about including the
following into the specification:
Digital signature implementations can be simplified/optimized if the signer's
certificate (and, possibly, other certificates in the chain) accompany the
signature. This is not a mandatory capability because of the potentially
excessive communications overhead. MIME messages may contain any number of
parts, so certificates may be readily included with MOSS protected information.
The certificate chain should be created as a separate MIME object and then
combined with the MOSS protected MIME information to make a single MIME object.
The object conveying the certificate(s) should precede the signed object in the
message.
Note the above text really could still use an example ....
Paul