You asserted that a UA which supports both ssl and protected mail
is interesting to application system design.
Is it possible to describe a general mechanism whereby an originator can
exploit the properties of MOSS and such a UA to *require* that a conformant
UA processes an incoming mail in any particular way?
In general the answer is no, you cannot do this. You cannot control the
actions of a remote UA this way. However, there are cases where you can
control certain aspects of a UA's operation.
For example, can one construct a MOSS-protected message such that prior to
decryption, the UA *must* succesfully perform an ftp session and retrieve
some data item, say?
How would one configure such an arrangement, if it is possible?
Sure, this is possible. Valdis alreay explained the obvious way to do it.
However, there is a a simpler way that I think may have some advantages. Valdis
proposed the following:
-multipart/encrypted
-message/external-
(indirect pointer to key information)
-application/encrypted-data
I think this may be better:
-message/external-body
(indirect pointer to message/rfc822 object, which in turn contains
a multipart/encrypted object)
The problem with Valdis' approach is that it assumes the essential key data
will be in the first part of a multipart/encypted. I had hoped that this would
be the case, but it seems likely that some formats will be used where the key
information is either embedded in the data or exhanged out of band. In this
case the first field of the multipart may be empty, so it doesn't need to be
retrieved and hence doesn't provide you with any useful receipt.
Now, you could argue that multipart/encrypted should not be used unless the
first part really does contain the key. Perhaps so, but counting on a
particular pattern for all future use doesn't seem like a good idea to me.
Ned