On Wed, 7 Nov 2001, Rich Salz wrote: Parties concerned about MITM MIME tampering can create the object, parties not concerned will just see a little bit of XML content to hash. Regardless of where the MIME headers are duplicated -- whether the manifest or in the signature element as an object -- the point is it needs to be required, not optional. Jim