Michael Collette wrote: > > > The S/MIME question is a bit fuzzier. Eudora apparently supports PGP > natively, and S/MIME via a 3rd party plugin. The mechanics of how this > works is rather sketchy. Here's an article covering this. > http://www.worldtalk.com/Products/SMIME%20Everywhere/sme.shtm >
I'll expand a little on why S/MIME is a non trivial problem. An S/MIME message uses the multipart/signed MIME type. This consists of two parts, the second is the signature and the first is the data the signature covers (or near enough). You need the first part verbatim to verify the signature. The first part is also in MIME format and could contain attachments of various kinds or indeed could be an S/MIME message itself. Removing attachments from the message and perhaps decoding them will of course break the signature. However some additional "state" information is needed to successfully reconstruct the original signed data, for example line lengths in base64 whether blank lines are included and where, the boundaries, all manner of things. When you consider nested S/MIME messages each of which could contain attachments you can get an idea of how complex that could be to handle. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Gemplus: http://www.gemplus.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage.
