Re: MDN Signed Body Part
Carl Hage wrote:
>
> Karen Rosenthal (karenr@xxxxxxxxxxxx) wrote:
> : In draft-ietf-ediint-as1-02.txt, the Content-Type of the second body
> : part is specified as application/x-pkcs7-mime. Is this correct, or
> : should application/x-pkcs7-signature be used? The 2/23/96 S/MIME
> : Message Specification defines application/x-pkcs7-signature as the PKCS
> : #7 detached signature.
>
> This is an error in draft-ietf-ediint-as1-02.txt.
>
> There are two ways to sign data, either the embedded text form, where
> there is a single MIME type of application/x-pkcs7-mime, or the
> MIME multipart/signed, where the signature is separate from the
> text. In this case, the application/x-pkcs7-signature is the proper
> type.
>
> The first method has the original message encoded in binary form and
> requires PKCS software to decode. The second method works the same as
> the PGP/MIME except the PKCS7 signature algorithm is used instead
> of the PGP algorithm. Also, the original message is not encoded, and
> can be read separately from the authentication.
>
> In my opinion, the second form should be used, but apparently, the RSA
> toolkit doesn't make this easy. (???)
>
After the IETF meeting last month we will be doing the
application/x-pkcs7-mime as the standard because it fits the Internet
philosophy better than the other. As to the CommerceNet test we are
conducting on these standards, we will be using the other for the next
several months because of how hard it is to do application/x-pkcs7-mime
with the S/MIME toolkits.... later, rik
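
An added example, not part of the original thread: a small Python check that tells the two signing forms discussed above apart and flags a multipart/signed message whose second body part is not typed as a detached signature. The names `classify` and `sample_signed`, the sample messages and the placeholder signature bytes are constructed for illustration; accepting the later non-"x-" type names is an assumption added here.

```python
from email import message_from_string

DETACHED = {"application/x-pkcs7-signature", "application/pkcs7-signature"}
EMBEDDED = {"application/x-pkcs7-mime", "application/pkcs7-mime"}

def classify(raw):
    """Return (form, readable_text, problems) for one raw MIME message."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype in EMBEDDED:
        # Content is wrapped inside the PKCS #7 object: unreadable without PKCS software.
        return "embedded", None, []
    if ctype != "multipart/signed":
        return "unsigned", None, []
    parts = msg.get_payload()
    if not isinstance(parts, list) or len(parts) != 2:
        return "detached", None, ["multipart/signed must have exactly two parts"]
    content, sig = parts
    sig_type = sig.get_content_type()
    problems = []
    if sig_type not in DETACHED:
        problems.append(f"second part is {sig_type}, expected a pkcs7-signature type")
    # RFC 1847: the protocol parameter must name the second part's content type.
    protocol = (msg.get_param("protocol") or "").lower()
    if protocol != sig_type:
        problems.append(f"protocol={protocol!r} does not match second part {sig_type}")
    # The first part is not encoded, so text can be read without verifying anything.
    text = content.get_payload() if content.get_content_maintype() == "text" else None
    return "detached", text, problems

def sample_signed(sig_type):
    """Constructed multipart/signed message; the signature is a placeholder blob."""
    return (
        f'Content-Type: multipart/signed; protocol="{sig_type}"; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nMDN: message received.\n"
        f"--b1\nContent-Type: {sig_type}\nContent-Transfer-Encoding: base64\n\n"
        "Q09OU1RSVUNURUQ=\n--b1--\n"
    )

# Constructed embedded-form message; the body is a placeholder, not real PKCS #7 data.
SAMPLE_EMBEDDED = (
    "Content-Type: application/x-pkcs7-mime\n"
    "Content-Transfer-Encoding: base64\n\nQ09OU1RSVUNURUQ=\n"
)

if __name__ == "__main__":
    for sig_type in ("application/x-pkcs7-signature", "application/x-pkcs7-mime"):
        print(sig_type, "->", classify(sample_signed(sig_type)))
    print("embedded ->", classify(SAMPLE_EMBEDDED))
```

Being able to read the first part says nothing about its authenticity; the signature still has to be verified with PKCS #7 software before the MDN is trusted.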