Re: Regarding consensus on Multipart/Signed

Terry Gray (gray@CAC.Washington.EDU)
Sun, 25 Feb 1996 09:04:18 -0800 (PST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Previous message: Ned Freed: "Re: A brief comparison of email encryption protocols"
In reply to: Nathaniel Borenstein: "Re: Regarding consensus on Multipart/Signed"

> This is the nastiest problem.  If you allow 8-bit or binary data inside
> the signed object, how is a 7bit gateway supposed to handle it?
> One idea would be to compute the signature on the canonical
> (pre-encoded) form.

Right.  I think this is what Mark C. suggested in his previous message.
Of course this implies that any CTE transform is 100% invertible.

> This would mean that a gateway was free to apply
> any new leaf encoding, knowing that the signature would be unaffected
> because it would be computed on the canonical form.  This is quite ugly,
> however.  I suspect we're better off maintaining the 7-bit requirement.

Maybe, but in making the decision I want to make sure none of us misjudge
the size of the uproar when people in Europe actually read 1847.  Even as
a MIME co-author and the metamail author you may not be *fully* aware of
the amazing level of flack that MUA purveyors receive for "inflicting" on
their recipients what many refer to as "Quoted Unreadable"...

Moreover, what are the odds that gateways really will leave 7bit message
content alone?  As you know better than I do, the Internet is only
approximately 7bit safe, so it's not just 8bit messages that the sending
MUA must encode: any msg with trailing blanks or tabs, a line beginning
with "From ", etc, are all likely to result in failure-to-verify errors
unless encoded.  And the more encoding that is done, the less backward
compatibility we maintain, given experience with Q-P.

Problem re-statement: some recipients will have a non-corrupting delivery
path; some will not.  Some will have MIME-aware MUAs, some will not.  We
can't keep everyone happy in any case, but we may satisfy many more if
there is a scheme that permits CTE transformations en route.

CURRENT RESULT:
			Safe MTA path		Unsafe MTA path

None-MIME-aware MUA	Encoding hated		No way to win

MIME-aware-MUA		Encoding tolerated	Encoding desired


IDEAL RESULT: only recipients on an unsafe MTA path see an encoded msg


Given that many folks consider the 7bit encodings to be unacceptably ugly,
we have to choose between the lesser of two uglies.  You may be right that
7bit-izing everything (and encoding even some 7bit msgs) is our best bet,
but I'd like to make sure that the issue is fully examined before we all
jump into the leaky life-raft :)

-teg

Previous message: Ned Freed: "Re: A brief comparison of email encryption protocols"
In reply to: Nathaniel Borenstein: "Re: Regarding consensus on Multipart/Signed"