content-md5

Dave Crocker

Nov 25, 2003, 12:07:54 PM
to ietf-822

Folks,

What is the current status of content-md5 usage?

I am wondering whether this sort of signing of the body is reliable and
cheap, and whether it has become at all popular.

d/
-----
Dave Crocker <mailto:dcro...@brandenburg.com>
Brandenburg InternetWorking <http://www.brandenburg.com>
Sunnyvale, CA USA <tel: +1.408.246.8253>; <fax: +1.408.850.1850>

Charles Lindsey

Nov 26, 2003, 1:48:07 PM
to ietf...@imc.org

>Folks,

>What is the current status of content-md5 usage?

>I am wondering whether this sort of signing of the body is reliable and
>cheap, and whether it has become at all popular.

Well dtmail is the only mailer that generates it AFAIK, and it gets it
wrong (or does in Solaris 7 - it may be fixed in later versions). I know
for a fact that Turnpike checks it.

But as a feature, I like it, because it is proof against changes of CTE as
the message propagates. Also, on occasions when headers of a message have
to be signed (e.g. in PGPVerify), it would be far nicer to exclude the
body of the message from the signature and, instead, sign the Content-MD5
header alongside whatever other headers were being signed. That way, if
something fails (e.g. some trailing white lines got added to the body),
the recipient has a much better chance of working out what went wrong, and
at least he knows that the headers were received intact.

So, it ain't broke and doesn't need to be fixed.

--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133 Web: http://www.cs.man.ac.uk/~chl
Email: c...@clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
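
The point in the reply above about Content-MD5 surviving changes of CTE, shown as an added example that is not part of the original thread: RFC 1864 computes the digest over the canonical body before the transfer encoding is applied, so a gateway can re-encode the body without invalidating it, while trailing blank lines added to the body do. The message dictionaries, the `recode` gateway and the sample body are constructed for illustration.

```python
import base64
import hashlib
import quopri

# Constructed sample body in canonical form (CRLF line ends), before any CTE.
BODY = "Status: caf\u00e9 = open\r\nSecond line\r\n".encode("utf-8")

ENCODERS = {"base64": base64.encodebytes, "quoted-printable": quopri.encodestring}
DECODERS = {"base64": base64.b64decode, "quoted-printable": quopri.decodestring}


def content_md5(canonical: bytes) -> str:
    """RFC 1864 value: base64 of the MD5 digest taken before the CTE is applied."""
    return base64.b64encode(hashlib.md5(canonical).digest()).decode("ascii")


def send(canonical: bytes, cte: str) -> dict:
    """Originator: digest the canonical body, then apply the transfer encoding."""
    return {"cte": cte, "content-md5": content_md5(canonical),
            "wire": ENCODERS[cte](canonical)}


def recode(msg: dict, new_cte: str) -> dict:
    """Hypothetical gateway that changes the CTE; Content-MD5 is carried unchanged."""
    canonical = DECODERS[msg["cte"]](msg["wire"])
    return {**msg, "cte": new_cte, "wire": ENCODERS[new_cte](canonical)}


def verify(msg: dict) -> bool:
    """Recipient: undo the CTE, recompute the digest, compare with the header."""
    return content_md5(DECODERS[msg["cte"]](msg["wire"])) == msg["content-md5"]


def demo() -> dict:
    original = send(BODY, "quoted-printable")
    recoded = recode(original, "base64")
    # Constructed failure case from the post: trailing blank lines added to the body.
    padded = {**original, "wire": original["wire"] + b"\r\n\r\n"}
    return {"original": verify(original),
            "recoded": verify(recoded),
            "wire_changed": original["wire"] != recoded["wire"],
            "padded": verify(padded)}


if __name__ == "__main__":
    print(demo())
```

MD5 here only detects accidental modification in transit; anyone who can alter the body can also recompute the header, which is why the reply pairs it with a signature over the headers.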
