Re: MDN Signed Body Part

[chucks@xxxxxxxxxxxxx (Chuck Shih)]

Rik,

Just wanted to clarify:

On sending the AS#1 will change to use the multipart/signed version
of S/MIME instead of the signed-data version of S/MIME. This is as
a result of the IETF wg in San Jose.

The signed receipt has always been specified as using multipart/signed.
 
Rik Drummond wrote:
> 
> Carl Hage wrote:
> >
> > Karen Rosenthal (karenr@xxxxxxxxxxxx) wrote:
> > : In draft-ietf-ediint-as1-02.txt, the Content-Type of the second body
> > : part is specified as application/x-pkcs7-mime.  Is this correct, or
> > : should application/x-pkcs7-signature be used?  The 2/23/96 S/MIME
> > : Message Specification defines application/x-pkcs7-signature as the PKCS
> > : #7 detached signature.
> >
> > This is an error in draft-ietf-ediint-as1-02.txt.
> >
> > There are two ways to sign data, either the embedded text form, where
> > there is a single MIME type of application/x-pkcs7-mime, or the
> > MIME multipart/signed, where the signature is separate from the
> > text. In this case, the application/x-pkcs7-signature is the proper
> > type.
> >
> > The first method has the original message encoded in binary form and
> > requires PKCS software to decode. The second method works the same as
> > the PGP/MIME except the PKCS7 signature algorithm is used instead
> > of the PGP algorithm. Also, the original message is not encoded, and
> > can be read separately from the authentication.
> >
> > In my opinion, the second form should be used, but apparently, the RSA
> > toolkit doesn't make this easy. (???)
> >
> After the IETF meeting last month we will be doing the
> application/x-pkcs7-mime as the standard because it fits the Internet
> philosophy better than the other. As to the Commercenet test we are
> conducting on these standards, we will be using the other for the next
> several months because of how hard it is to do application/x-pkcs7-mime
> with the Smime toolkits....  later, rik