But if the use of mutlipart/alternative is only a recommendation, not
an absolute requirement, how can user software know what to send to
the validation server? So it has to send the whole thing. So how
does the validation server know if the first part of the /alternative
is supposed to be the signed text? I suppose if it isn't, the validations
service could generate a further nested multipart/alternative...
Sure seems like a mess to me.
Donald
On Thu, 21 Sep 1995, Jeff Thompson wrote:
Concerning the the "gaping security hole" of using S/MIME's
multipart/alternative approach with a remote message validation
server:
Since the remote validation server is S/MIME-aware (it is checking the
signature), then it can also check if the message it is verifying is
multipart/alternative. If it is, then it can simply confirm that the
data in the "clear" part is the same as the data inside the PKCS
part.
This would be a good thing to suggest in the S/MIME spec, thus closing
the "security hole."
- Jeff
=====================================================================
Donald E. Eastlake 3rd +1 508-287-4877(tel) dee(_at_)cybercash(_dot_)com
318 Acton Street +1 508-371-7148(fax)
dee(_at_)world(_dot_)std(_dot_)com
Carlisle, MA 01741 USA +1 703-620-4200(main office, Reston, VA)