David,
This idea should be explored further. The problem I am having
is: how do you reference the MIME headers as a URI? I don't
think that the same URI (whether cid or content-location URI)
can be used...
If we can solve that conundrum, then we may have something.
Cheers,
Chris
David Fischer wrote:
> I would like to suggest a variation on Suresh's idea.
>
> What if we add a second Reference in the ds:Signature for 'each' payload so that
> there would be two references to the same cid, for each payload. I looked in
> the dSig spec and there doesn't seem to be any prohibition on this.
>
> The first reference would be to the payload as it has always been with whatever
> canonicalization or transforms are required. The second reference would be to
> the MIME headers. Suresh's canonicalization of the MIME headers would still be
> required but we wouldn't have to copy the MIME headers into the Manifest
> (minimal change to the spec). We would still have to define that
> Canonicalization Algorithm that Suresh described.
>
> I don't know if this is better or worse but it is another option.
>
> I'll confess, this is actually Rik's idea but I kind of like it.
>
> Regards,
>
> David Fischer
> Drummond Group.
>
>