IETF Logo Mail Archive

RE: Issues with S/MIME Message Specification

"Bob Jueneman" <BJUENEMAN@novell.com> Tue, 18 May 1999 23:05 UTC

Received: from mail.proper.com (mail.proper.com [206.86.127.224]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA17375 for <smime-archive@odin.ietf.org>; Tue, 18 May 1999 19:05:55 -0400 (EDT)
Received: (from majordomo@localhost) by mail.proper.com (8.8.8/8.8.5) id PAA23374 for ietf-smime-bks; Tue, 18 May 1999 15:04:12 -0700 (PDT)
Received: from prv-mail20.provo.novell.com (prv-mail20.Provo.Novell.COM [137.65.40.4]) by mail.proper.com (8.8.8/8.8.5) with SMTP id PAA23370 for <ietf-smime@imc.org>; Tue, 18 May 1999 15:04:11 -0700 (PDT)
Received: from INET-PRV-Message_Server by prv-mail20.provo.novell.com with Novell_GroupWise; Tue, 18 May 1999 16:03:26 -0600
Message-Id: <s7418f4e.053@prv-mail20.provo.novell.com>
X-Mailer: Novell GroupWise 5.5
Date: Tue, 18 May 1999 16:03:21 -0600
From: Bob Jueneman <BJUENEMAN@novell.com>
To: jimsch@EXCHANGE.MICROSOFT.com
Cc: ietf-smime@imc.org
Subject: RE: Issues with S/MIME Message Specification
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by mail.proper.com id PAA23371
Sender: owner-ietf-smime@imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
Content-Transfer-Encoding: 8bit

Jim,

I still can't find the comment, so maybe I'm remembering something from an 
e-mail exchange or something -- is the statement included somewhere, or 
not?

I can't tell from your message which functionality was requested --
that the self-encrypted message be included, or not. Or were you
referring to a request to Microsoft, rather than to the IETF?

In any case, although I value the human rights worker's cause,
and also the whistle blower's, etc., there is another set of values
that also needs to be addressed at the same time, and that is the
need for either the business or the user to be able to recover
encrypted messages, of various but legitimate purposes.

One set of values doesn't necessarily trump the other -- they need
to be debated on their merits.

(Again, apologies if this issue was thrashed to death without my having 
seen it go by.)

Bob


>>> "Jim Schaad (Exchange)" <jimsch@EXCHANGE.MICROSOFT.com> 05/18/99 03:41PM >>>


Finally, somewhere in these documents there is a statement regarding the
advisability of including the content encryption key encrypted in the
originator's public key, but despite rereading the documents multiple
times I can't find that text again.  As I recall, the text said that this
SHOULD be done.  I would argue that this should be changed to MUST, for I
can't imagine a situation where the originator of an encrypted message
would not want to be able to read his own message, for example in an
outgoing or Sent-Mail queue. He might need to be able to decrypted, and
even retract it in order to resend it with modifications.  It would not be
reasonable to rely on the originator to bcc herself to gain this
capability -- it ought to be required by the spec.

[Jim Schaad]  This was a requested functionality by a group of people and is
there for a reason.  One situation in which this would be the case is human
rights workers sending encrypted mail to the home office.  They do not want
the local police to be able to read the mail by stealing the machine and key
or by force.

jim schaad

v2.39.1 | Report a Bug | By Email | System Status