My headers conform to 822 and I was under the impression that MIME
also conformed to 822. If MIME is not 822 conformant, then I stand
corrected.
MIME does conform to RFC 822, in that MIME messages are a subset of RFC 822
messages. But that's not the issue. The issue is whether or not your headers
conform to MIME. And they don't.
A much more serious and substantive issue, however, is that your
proposal uses new headers to effectively modify the actual nature
of the MIME content in a significant way.
I would choose to charactize them as avoiding MIME in a situation
where it is not needed, rather than modifying the nature of the MIME
content. There is no need for `MIME content' to be involved in the
situation at all.
Again you have things backwards. Sure, it is possible to secure the non-MIME
subset of RFC 822 messages using your scheme. But what about when I want to
secure a MIME message? Your scheme doesn't work well, if at all, in this case.
The issue isn't whether MIME is necessary to have message security. It isn't --
existing PEM and PGP both provide examples of this. The issue is how to to
secure MIME messages, which happens to be something I want to do. And your
scheme doesn't pass muster in this case, the case I believe most of us
are interested in.
. . . such conversion processing is guarateed to destroy the
signature in any but the most trivial of cases.
What I have been addressing throughout this thread is that the
security multiparts proposal turns a trivial case into a complex one
unneccesarily. I have been addressing the trivial case *because*
there is no need for the added complexity.
What you are in fact doing is addressing the trivial case exclusively with a
solution that only works in the trivial case and does not work well, if at all,
in any more complex case. Security multiparts, on the other hand, address both
the trivial case *and* the more complex case of securing MIME objects.
Moreover, thus far you have failed to demonstrate that your scheme is anything
more than marginally simpler than the security multiparts scheme. In fact by
some measures it is considerably more complex.
I seem to be outside of the MIME philosophy, primarily, because I
believe that complexity for it's own sake is not progress.
You are outside the MIME philosophy because you believe that partial solutions
to a small subset of the general problem are preferable to complete solutions
to the general problem with comparable complexity.
Ned