Re: the 8-bit dilemma

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Previous message: Brad Knowles: "Re: [No subject]"
• Maybe in reply to: Michael Elkins: "the 8-bit dilemma"

On Feb 26,  3:29pm, Michael Elkins wrote:

> I would argue that "object-based" security is not the right approach for
> what we are attempting to accomplish.  I see that as a more specific
> application that should be defined elsewhere (I can see that it would be
> useful for some applications).  However, e-mail (and even http) are very
> much transport oriented, and "message-based" security seems much more
> appropriate.

    It's not exactly clear to me what you mean by "message-based" vs.
"object-based" security.

    By message-based, do you mean that I apply one signature to the
whole message, originating headers and attachments included?  If so,
then yes.  That's exactly what I want to be able to do.  And I want to
guarantee that whatever transforms are applied to that message, that
it preferably remains clear text (for signed data only, of course) so
that it may be readable by non-security aware MUAs, but is also
transformable back so that the signature on the original message
(potential 8-bit object included) can be verified.

    By object based, do you mean that I would need to sign separately
each part of a message that has multiple sections?  If so, then no, I
don't want that myself, but I can see where someone else might.
Again, it should be transformable if necessary but be able to remain
clear text (for signed data), and should most certainly be
transformable back for the necessary multiple signature
verifications.

-- 
Brad Knowles                           MIME/PGP: BKnowles@aol.net
    Mail Systems Administrator          <http:www.his.com/~brad/>
    for America Online, Inc.                   Ph: (703) 453-4148

• Previous message: Brad Knowles: "Re: [No subject]"
• Maybe in reply to: Michael Elkins: "the 8-bit dilemma"