>Could someone please refresh my memory as to why the "consensus" was to
>use application/<specific> instead of application/octet-stream in the
>second part of a multipart/encrypted message? Given the current state of
>things, this doesn't seem to be so bad (PGP doesn't use the first part,
>and I don't think multipart S/MIME will either), but I have concerns
>about what will happen in the future. If RFC1847 is indeed adopted and
>changed so that the first part can be a multipart containing several
>different certificates (but with the same key, I suppose), then the second
>body really isn't specific to any system...

I'm not up to speed on the basic issue you are discussing, but your parenthetical remark "(but with the same key, I suppose)" causes me a great deal of heartburn.

I am willing to concede that there may be certain, VERY unusual circumstances where a certificate may have to be reissued with the same public key as an old one, but these should be extremely rare. (An example is the cessation of operation of a CA, including a change of name that might be caused by a merger or acquisition. If some other organization takes over the CA's responsibility, including those implied by the CA policy to the last tittle and jot, then I suppose it would be OK to reuse the old public key so as to avoid trashing the entire certificate hierarchy at that point.)

Unless the certificate itself is bound in with the signed message, which is not normally the case, then using two different certificates with the same key makes it cryptographically impossible to determine which certificate in fact was supposed to be used. Since the entire point of having a certificate is to bind the public key to some form of name, identity, and/or attribute/permissions, having two certificates with the same public key introduces an intolerable ambiguity.

Bob

Robert R. Jueneman
GTE Laboratories
40 Sylvan Road
Waltham, MA 02254
Jueneman@gte.com
1-617/466-2820

"The opinions expressed are my own, and may not reflect the official position of GTE, if any, on this subject."
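
The ambiguity described in the message above, as an added example that is not part of the original post: a signature over the message alone verifies under every certificate carrying the same key, while a signature that also covers a hash of the signer's certificate verifies under exactly one. The dictionary-style certificate, the names, the toy RSA key and all helper functions are assumptions constructed for illustration.

```python
import hashlib

# Toy textbook RSA key from two known Mersenne primes (constructed for this
# example; no padding, not secure). Only the binding logic matters here.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def make_cert(subject, issuer):
    # Hypothetical minimal certificate: a name bound to the public key (N, E).
    return {"subject": subject, "issuer": issuer, "n": N, "e": E}

def cert_fingerprint(cert):
    encoded = "|".join(f"{k}={cert[k]}" for k in sorted(cert)).encode()
    return hashlib.sha256(encoded).digest()

def sign(message, bound_cert=None):
    # Sign the message alone, or the message plus the signer's certificate hash.
    data = message + (cert_fingerprint(bound_cert) if bound_cert else b"")
    return pow(digest(data), D, N)

def verify(message, sig, cert, bound=False):
    data = message + (cert_fingerprint(cert) if bound else b"")
    return pow(sig, cert["e"], cert["n"]) == digest(data)

def matching_certs(message, sig, certs, bound=False):
    # Subjects of every certificate under which the signature verifies.
    return [c["subject"] for c in certs if verify(message, sig, c, bound)]

# Constructed sample data: two certificates, different names, same key.
CERTS = [make_cert("CN=Alice Example, OU=Engineering", "CN=Example CA 1"),
         make_cert("CN=Alice Example, OU=Purchasing", "CN=Example CA 2")]
MESSAGE = b"Approve purchase order 1001"

if __name__ == "__main__":
    print(matching_certs(MESSAGE, sign(MESSAGE), CERTS))
    print(matching_certs(MESSAGE, sign(MESSAGE, CERTS[1]), CERTS, bound=True))
```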