Re: [Ieprep] Discussion of Internet-Draft for SMTP priorities

> this is just a quick answer to a couple of points I can respond to off
> hand. I am going to give a more complete answer next week (I am out of
> office starting tommorow until Monday including).

hmmmm, planning to take some time off to see the next German football  
match? :-)
(just kidding)

>> [...]
>> Outside of that, it would seem desirable for your draft to at least
>> advocate some measures of security like S/MIME for header protection
>> (rfc-3851), and possibly the use of AUTH.
>
> S/MIME is strictly for the content of the email. This area has been
> left out of the draft because of reasons stemming from the research
> project I work on. In the general case it is probably a good idea to
> at least consider this area. As for AUTH, you are completedly right.

Section 3.1 of rfc-3851 has the following text...

    In order to protect outer, non-content related message headers (for
    instance, the "Subject", "To", "From" and "CC" fields), the sending
    client MAY wrap a full MIME message in a message/rfc822 wrapper in
    order to apply S/MIME security services to these headers.  It is up
    to the receiving client to decide how to present these "inner"
    headers along with the unprotected "outer" headers.

    When an S/MIME message is received, if the top-level protected MIME
    entity has a Content-Type of message/rfc822, it can be assumed that
    the intent was to provide header protection.  This entity SHOULD be
    presented as the top-level message, taking into account header
    merging issues as previously discussed.

I was under the impression that the above left the door open for S/ 
MIME to protect static parts of the SMTP header.  But admittedly, I'm  
not deeply familiar with the draft, so my apologies if I've  
misinterpreted things.

-ken

_______________________________________________
Ieprep mailing list
Ieprep@ietf.org
https://www1.ietf.org/mailman/listinfo/ieprep