At 5:53 PM 4/25/96, Dave Crocker wrote:
The message from the february email security workshop was broad and
thorough interest -- in fact it was really at the level of requirement --
in use of multipart/signature and a general desire to use multipart/encrypt
except that the technical difficulties of making it worthwhile appear to be
too much to be... worthwhile.
That's interesting. I agree there is some messy interaction between MIME's
content-transfer-encoding rules and the signature calculation, but there
wasn't much choice. We did consider computing the signature on an abstract
representation of the message instead of the concrete representation -- I'm
using "abastract" and "concrete" in the sense of "abstract syntax" vs in
"concrete syntax" in compiler technology, but it seemed clear that such an
approach would pose far greater difficulties in documentation and
implementation by a wide range of implementers.
The range of options and choice that MOSS provides is usually what
I hear cited as its major problem, not its integration with MIME.
This surprises me. And if it's really an issue, it would seem trivial to
choose a specific profile. I can't speak for the other authors or the rest
of the working group, but I certainly would be quick to support such an
approach.
Hmm... Perhaps the "choice" you're talking about is that MOSS allows
signatures before or after encryption. I've seen debate on this point, and
maybe this is one of the things that annoys or confuses people. If so,
this is not a problem with MOSS, per se, but only of choosing a preferred
order for these operations and speaking with one reasonably unified voice.
Steve
--------------------
Steve Crocker Main: +1 703 620 4200
CyberCash, Inc. Desk: +1 703 716 5214
2100 Reston Parkway Fax: +1 703 620 4215
Reston, VA 22091
crocker(_at_)cybercash(_dot_)com