On Tue, Mar 10, 2015 at 6:51 PM, Stephen J. Turnbull <step...@xemacs.org> wrote:
> > It's certainly the case that this proposal only deals well with > > footers. The specific algorithm is to construct a MIME tree and > > sign parts of it; specifically, sign all of it, and then verify all > > of what you get first. > > I think this is the wrong algorithm. I suspect that "the community" > is going to be almost as leery of this proposal as they are of l=, and > for similar reasons. Given that, I really think the right thing to do > is to take the MIME structure seriously and sign part-by-part. > The difference between this idea and "l=" is that there's still a signature covering the added part, that of the MLM. It has taken "some" responsibility (where "some" means "an unspecified amount, but not zero") for the added content. By contrast, "l=" leaves the appended bit unsigned. This scheme does sign individual parts as well, and then does merged signatures in each non-leaf node (corresponding to a "multipart/blah" node in the tree). This makes it easy to figure out below which non-leaf node(s) a change occurred. If you have two signatures in-hand (one author, one mediator), it's fairly straightforward to isolate the change and then figure out if you want to render/scan/remove/whatever it. -MSK _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
