Re: The Header vs. Body Digital Signature Issue


From: Brad Templeton (brad@templetons.com)
Date: Fri Jun 04 1999 - 14:03:44 CDT


On Fri, Jun 04, 1999 at 12:04:47PM +0000, Charles Lindsey wrote:
> Yes, I will buy that, because it is what I have been proposing all along.
>
> There is just the added feature (hack?) that, if you include a Content-MD5
> amongst the headers you sign, then you have effectively signed the body as
> well, which could be a handy method for newgroup messages.

Well, I have actually come to agree with the idea of requiring a hash of
the body in the set of signed headers, rather than just hashing the
body concatenated with the signed headers.

Now I don't think that we should ever *not* sign the body -- that's just
asking for trouble unless perhaps the body is totally irrelevant as it is
on some control messages.

However, it is nice if the software can delay the hashing of the body until
the end of its tasks, because it often doesn't even read the body until
the end of its tasks. And it also simplifies the encapsulation into
multipart/signed that will be done by news -> mail gateways that want to
preserve signatures.

However, it should never be specified that checking the body hash is an
OPTION. If the body is meaningful, you can't claim to have checked the
signature if you didn't check the body hash.
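
The scheme discussed in this message, as an added example that is not part of the original post or of any draft specification: the signature covers a set of headers that includes Content-MD5, so the header check can run early and the body hash can be deferred, but the message only counts as verified once both pass. Assumptions: HMAC-SHA256 with a shared key stands in for a public-key signature, and the `X-Signature` header name, the signed-header list and the sample article are constructed.

```python
import base64
import hashlib
import hmac

# Constructed for illustration: which headers the signature covers.
SIGNED = ["From", "Subject", "Message-ID", "Content-MD5"]

def content_md5(body: bytes) -> str:
    # Content-MD5 value: base64 of the MD5 digest of the body (RFC 1864).
    # MD5 follows the thread; a current design would use SHA-256 here.
    return base64.b64encode(hashlib.md5(body).digest()).decode()

def _canonical(headers: dict) -> bytes:
    # Fixed order, lower-cased names, stripped values.
    return "".join(f"{n.lower()}:{headers[n].strip()}\n" for n in SIGNED).encode()

def sign(headers: dict, body: bytes, key: bytes) -> dict:
    out = dict(headers)
    out["Content-MD5"] = content_md5(body)
    # Assumption: HMAC stands in for the public-key signature; X-Signature is hypothetical.
    out["X-Signature"] = hmac.new(key, _canonical(out), hashlib.sha256).hexdigest()
    return out

def verify_headers(headers: dict, key: bytes) -> bool:
    # Stage 1: needs no body. A missing Content-MD5 is a failure, not a skip.
    if any(n not in headers for n in SIGNED):
        return False
    expected = hmac.new(key, _canonical(headers), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, headers.get("X-Signature", ""))

def verify_body(headers: dict, body: bytes) -> bool:
    # Stage 2: can be delayed until the body is finally read.
    return hmac.compare_digest(content_md5(body), headers["Content-MD5"])

def verify(headers: dict, body: bytes, key: bytes) -> bool:
    # The only result that may be reported as "signature checked".
    return verify_headers(headers, key) and verify_body(headers, body)

# Constructed sample article.
KEY = b"constructed-demo-key"
BODY = b"This is the article body.\r\n"
ARTICLE = sign({"From": "poster@example.org", "Subject": "test post",
                "Message-ID": "<1@example.org>"}, BODY, KEY)

if __name__ == "__main__":
    print("intact:", verify(ARTICLE, BODY, KEY))
    print("body altered, headers only:", verify_headers(ARTICLE, KEY))
    print("body altered, full check:", verify(ARTICLE, BODY + b"extra\r\n", KEY))
```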

