Re: draft-ietf-usefor-article-04.txt: 6.21.3 considered harmful.

From: Clive D.W. Feather (clive@demon.net)
Date: Tue May 01 2001 - 03:32:09 CDT

• Next message: Florian Weimer: "Re: ASCII (was Re: Transition to UTF-8)"
• Previous message: Brad Templeton: "Re: Cancel messages: another verification?"
• In reply to: Brad Templeton: "Re: draft-ietf-usefor-article-04.txt: 6.21.3 considered harmful."
• Next in thread: Thomas Roessler: "Re: draft-ietf-usefor-article-04.txt: 6.21.3 considered harmful."

Brad Templeton said:
>> Well, it must be said that signing the encoded form *was* a seriously
>> stupid idea, exactly *because* that means that changing the encoding
>> breaks the signature

> It was my understanding that multipart/signed is the reverse. You sign
> the encoded form, and you can't re-code.

Right. That's what's stupid.

> You don't want to sign the non-encoded form as that requires the transport
> to understand the encodings in order to check the signature.
[...]
> But you want the server to be simple, and not have to understand full
> MIME encodings.

How hard *is* this ? There are only three encodings:
* identity - trivial
* quoted-printable - convert =HH to an octet, ignore certain white space
* base64 - simple unpacking algorithm.

-- 
Clive D.W. Feather  | Work:  <clive@demon.net>   | Tel:  +44 20 8371 1138
Internet Expert     | Home:  <clive@davros.org>  | Fax:  +44 20 8371 1037
Demon Internet      | WWW: http://www.davros.org | DFax: +44 20 8371 4037
Thus plc            |                            | Mobile: +44 7973 377646 

• Next message: Florian Weimer: "Re: ASCII (was Re: Transition to UTF-8)"
• Previous message: Brad Templeton: "Re: Cancel messages: another verification?"
• In reply to: Brad Templeton: "Re: draft-ietf-usefor-article-04.txt: 6.21.3 considered harmful."
• Next in thread: Thomas Roessler: "Re: draft-ietf-usefor-article-04.txt: 6.21.3 considered harmful."