Re: the 8-bit dilemma

Michael Elkins (
Tue, 27 Feb 1996 14:21:26 -0800

On Feb 27, wrote:
> I would argue the contrary position. It seems to me that with thevast 
> popularity of web server, e-mail is going to become a means of notifying 
> someone of a document they may want to be aware of, together with a secure 
> embedded  URL to a remote attachment they can fetch at their leisure.
> In this scenario, the object-based security model is vitally important. 
> Regardless of where the document or files happen to reside, I still want them 
> encrypted and protected against modification.

I'm not arguing that object based security isn't important.  But I think that
the disagreements we are seeing is because there are really two different
services that need to be provided:
	- secure transport of e-mail (or http)
	- a system for conveying (securely) signature for external bodies

These should be two separate issues and have different services.  For example,
you might have something like the following:

	Content-Type: multipart/signed; protocol="application/pgp-signature";
		micalg=pgp-md5; boundary=SignedBoundary

	Content-Type: multipart/mixed; boundary=MixedBoundary

	Here is a pointer to the latest release of the PGP/MIME reference

	Content-Type: message/external-body; access-type=anon-ftp;
		name="/pub/me/pgpmime-02.tar.gz"; site=""

	Content-Type: application/octet-stream
	Content-Transfer-Encoding: binary
	Content-MD5: <md5 hash data>

	Content-Type: application/pgp-signature

	<signature data>


Notice that there are two things going on here.  The message/external-body
contains the MD5 sum of the remote file ""
which is signature of the _raw_ data.  This is the "object-based" security.
On the outer layer (the multipart/signed) is the "transport-based" security,
which is used to securly convey the entire message to it's destination.

Michael Elkins <>
 PGP mail preferred.  Key availible via web or 'finger -l'
   Key fingerprint = EB B1 68 32 3F B5 54 F9  6C AF 4E 94 5A EB 90 EC
     "I could be wasting my time more productively than this." --me