Re: Issues with S/MIME Message Specification

Andrew Farrell <afarrell@baltimore.ie> Wed, 19 May 1999 01:01 UTC

Message-Id: <199905190005.BAA16423@ocelot.baltimore.ie>
To: ietf-smime@imc.org
Cc: bjueneman@novell.com
Subject: Re: Issues with S/MIME Message Specification
In-Reply-To: Your message of "Tue, 18 May 1999 16:26:42 MDT." <00ba01bea17d$812f7eb0$4dd44189@provo.novell.com>
Date: Wed, 19 May 1999 01:05:47 +0100
From: Andrew Farrell <afarrell@baltimore.ie>

Robert Jueneman writes:

>Eric,

>Thanks for your comments.  I hadn't considered the possible difference 
>in scope between the S/MIME Message Specification and the CMS, but I can 
>see that CMS might have broader applicability, and hence, differing 
>requirements.

This is also the reason why there are, on close examination, no MUSTs
or SHOULDs in CMS. 

>With respect to the issue of bcc'ing the originator on an encrypted
>message, although I suppose it is possible that the originator doesn't
>have a public encryption key, this seems mildly unlikely, so I am more
>inclined to agree with William Whyte's comment.

I'm not sure that My Esteemed Colleague's comment was anything
more than a point of information. There will be situations when an
application should include an originator key, but there are also
counterexamples. Locking a MUST into the standard is unnecessary, particularly
since there's no compelling interoperability or security issue.

>I wish I could find where I read that statement -- I thought it was in
>one of the RFC's, but I can't find it.

draft-ietf-smime-msg-08.txt, section 3.3

Also, it should be noted that switching from MUST RC4 to MUST tripleDES
was the very first thing the ietf-smime group did, back 2 years ago.
There was a lot of discussion back then, all of it available on the IMC
mail archive. Not intended as a brush-off: there was a lot of relevant
debate.

>Regards,

>Bob

Andrew.