Re: AW: Content Type for XML Objects

[Russ Housley <housley@xxxxxxxxxxxx>]

Blake:

> > The nice thing about S/MIME and PGP is that what's signed is 
> "this string of
> > bits, exactly as is", without any need to perform impossible 
> manipulations on
> > it first like XMLdsig requires.
>
> One way to avoid this temptation is to just leave it as "throw a MIME
> Content-Type at the beginning of it with application/(something)+xml, mark it
> id-data and call it S/MIME". The overhead does not seem significant (just the
> additional header), and I don't know the utility of being able to identify it
> as XML at the outer CMS wrapper.

I already proposed this before starting this thread.  This is the 
response I got:

> Gah, please not MIME encoding.  We already have to have ASN.1 and XML
> libraries, I don't want to have to add a MIME library too.

As you can see, there is a strong preference to carry the XML object 
directly in CMS.

Russ