
Re: Non-repudiation for Message Disposition Notifications



Karen Rosenthal (karenr@premenos.com) wrote:
: Any anticipated standard for receipts at the bodypart level?  There is
: demand in the user community for signing specific bodyparts, thus we
: should probably anticipate the need for bodypart level receipts.

One thing to keep in mind is that a signed MDN which contains an
MD5 of 5 body parts is equivalent to 5 signed body parts.

It's important to define what the signature means. Here we have been
mainly talking about receipt of all data in a message, including all
body parts.

If a single message is to be dispatched to several different recipients
where separate signatures are used, then a MIME digest can wrap the
individual messages, each of which has RFC822 headers with an MDN request.

If you get more complicated than that, you need to define what the other
signatures mean, e.g. successfully processed, accepted, approved, etc.
I don't know of any standards that process signatures with such semantics.

In EDI, the MDN only signifies receipt. Signed results of processing would
be sent back in a separate message.

: No, nothing in Version 1 that is missing in Version 2.  Just trying to
: determine when Version 2 will be required.

Version 2 allows detached data signatures using multipart/signed. This
would be used to produce signed email (but not encrypted) that can be
read without decoding the binary PKCS7 data, e.g. RFQs sent to many people,
where not all can authenticate.

--------------------------------------------------------------------------
Carl Hage                                              C. Hage Associates
<email:carl@chage.com> Voice/Fax: 1-408-244-8410       1180 Reed Ave #51
<http://www.chage.com/chage/>                          Sunnyvale, CA 94086
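
The point above that one signed receipt carrying a digest per body part covers each part individually, as an added example that is not part of the original message. The manifest layout and function names are hypothetical, SHA-256 stands in for the MD5 mentioned in the post, and the signing step itself (PKCS7 in this thread) is outside the example: `receipt_manifest` returns the bytes that signature would cover.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

def build_sample() -> bytes:
    """Constructed message: one text part plus four EDI attachments (5 parts)."""
    msg = EmailMessage()
    msg["Message-ID"] = "<constructed-1@example.com>"
    msg["Subject"] = "constructed sample"
    msg.set_content("cover note")
    for i in range(4):
        msg.add_attachment(f"ISA*constructed interchange {i}~".encode(),
                           maintype="application", subtype="edi-x12")
    return msg.as_bytes()

def leaf_parts(raw: bytes):
    """Return (message_id, [(content_type, decoded_bytes), ...]) for non-multipart parts."""
    msg = message_from_bytes(raw, policy=policy.default)
    parts = [(p.get_content_type(), p.get_payload(decode=True))
             for p in msg.walk() if not p.is_multipart()]
    return str(msg["Message-ID"]), parts

def receipt_manifest(raw: bytes, alg: str = "sha256") -> bytes:
    """Bytes a receipt signature would cover: one digest line per body part."""
    msg_id, parts = leaf_parts(raw)
    lines = [f"original-message-id: {msg_id}"]
    for n, (ctype, body) in enumerate(parts, 1):
        lines.append(f"part {n}; {ctype}; {alg}={hashlib.new(alg, body).hexdigest()}")
    return "\r\n".join(lines).encode() + b"\r\n"

def part_is_receipted(manifest: bytes, n: int, body: bytes, alg: str = "sha256") -> bool:
    """Check one body part against the manifest without needing the other parts."""
    want = f"{alg}={hashlib.new(alg, body).hexdigest()}"
    for line in manifest.decode().splitlines():
        fields = line.split("; ")
        if fields[0] == f"part {n}" and len(fields) == 3:
            return fields[2] == want
    return False

if __name__ == "__main__":
    raw = build_sample()
    manifest = receipt_manifest(raw)
    print(manifest.decode())
    _, parts = leaf_parts(raw)
    print(all(part_is_receipted(manifest, i, b) for i, (_, b) in enumerate(parts, 1)))
```

Because each line of the manifest names one part, a dispute over a single body part can be settled from the signed receipt and that part alone.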