[doseta-discuss] MIMEAUTH instead of S/MIME or PGP

Dave CROCKER dhc at dcrocker.net
Mon Apr 25 11:37:41 PDT 2011 


On 4/1/2011 12:26 AM, Murray S. Kucherawy wrote:
> On a different list I mentioned preparing to code up DOSETA to do MIME-specific
> part signing (see the MIMEAUTH draft) as an experiment. Some feedback I got
> pointed out that MUAs have been supporting S/MIME and PGP for a long time now,
> though those modules are largely unused. So the obvious question, then, is why
> do we need a new mechanism?
>
>
> I’m in support of DOSETA and MIMEAUTH (and DKIM and its other expected
> offshoots), but I imagine this question will come up in future working groups
> and we’ll need a solid answer.
>
> My own first thought is that it’s simply less intrusive in terms of having to
> reformat an existing object into a multipart object, but I don’t know if people
> will find that to be a good argument or not.


There are some basic differences between MIMEAUTH and the older mechanisms.

The first is structural.  As you note, MIMEAUTH does not get in the way, by 
virtue of packaging meta-data in a field rather than as a wrapper around the 
actual data.  (Obviously this benefit essentially disappears for a DOSETA use 
that includes encryption.  But that's a future issue.  All of the current focus 
is on singing.)

The second is functional. The older technologies are biased or locked-in to 
having confidentiality (encryption) along with authentication.  DOSETA and 
MIMEAUTH have an obvious bias towards authentication, but in the long run will 
at least keep the two separated (unless someone chooses to define a use that 
doesn't, I suppose...)

The third is semantic.  DOSETA and (when I upgrade MIMEAUTH) define different, 
extensible signing semantics (claims).  The older technologies have a single, 
fixed semantic.  This distinction is enhanced with the latest version of the 
DOSETA spec that provides for a list of semantic 'claims'.

One suspects the DOSETA spec needs a small marketing section that repeats the above?

d/
-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net

More information about the doseta-discuss mailing list