[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: RFC 2634 Questions
The match of names only applies to the innermost layer on a triple
I am not sure what you mean by a mail merge functionality. It could be
one of two things:
1) merging a mail message with a database - in this case the correct
person to sign the message is the MLA since that is the entity that
actually sees the final message.
2) merging of multiple messages together in a summary. This could be
done in a method that perserves the original signatures, but I would
expect that they would actually be stripped. The types of MLAs that we
are working with would not provide this type of feature.
> -----Original Message-----
> From: owner-ietf-smime@xxxxxxxxxxxx
> [mailto:owner-ietf-smime@xxxxxxxxxxxx] On Behalf Of suchet
> singh khalsa
> Sent: Wednesday, August 27, 2003 9:55 AM
> To: phoffman@xxxxxxx
> Cc: ietf-smime@xxxxxxx
> Subject: RFC 2634 Questions
> Hi Paul,
> Can you please answer the following questions w.r.t
> MLA processing of S/MIME messages :
> According to RFC 2632, while verifying signatures it
> should confirmed that the sender (RFC822 From or
> Sender headers) of the message is the same as the
> signed entity. Does this apply to ONLY the innermost
> signature in a triple wrapped message ?
> If no, this will impact MLA processing as documented
> in RFC 2634 in the following manner :
> 1. The MLA creates an outermost SignedData layer
> using the private key of the list. The final recipient
> will not be able to verify this signature since the
> From header is not the list email address. Is the
> solution here to set the list email address as the RFC
> 822 Sender header ?
> 2. Most MLA's support mail merge functionality. Is
> the intent of RFC 2634 to mandate that S/MIME and mail
> merge do not go hand in hand ? The reason for this
> question is : When MLA does mail merge, the innermost
> signature in a triple wrapped message will become
> invalid - so the MLA will have to sign with the
> private key of the list. So, the end recipient will
> not be able to verify this signature since the From
> header of the mail is not the list email address.
> RFC 2634 does not talk about this case :
> An application/pkcs7-mime bodypart is enclosed in
> another multipart, so that it is not the level 1
> bodypart. What should the MLA do in this case ?
> Possibilities are :
> 1. Create the outermost signature (according to
> RFC2634 page 34) for the whole mail.
> 2. Create the outermost signature (according to
> RFC2634 page 34) only for the application/pkcs7-mime
> Do you Yahoo!?
> Yahoo! SiteBuilder - Free, easy-to-use web site design
> software http://sitebuilder.yahoo.com