I very much agree with Eric on this issue. This type of thing must be done
in a way which makes sense to the application. This is especially true
since one can't rely on signing time as a correct value, it does not even
have the quality of a timestamp yet.
From: EKR [mailto:ekr(_at_)terisa(_dot_)com]
Sent: Monday, August 10, 1998 10:09 PM
To: Russ Housley
Subject: Re: Replay of CMS SignedData
Russ Housley <housley(_at_)spyrus(_dot_)com> writes:
Unless an application making use of SignedData includes a specifically
formatted field that includes replay prevention, any application protocol
using SignedData will be open to replay.
The CMS specification can reamin silent on this issue, or we can recommend
a simple patch. Why not recommend that the signing time attribute always
When no authenticated atributes are included, this solution will not help.
In this case, the best we can do is a paragraph in the security
I'd rather the spec remain silent on this issue.
Timestamps aren't a very good fix for replay prevention.
Applications which desire replay prevention should carefully
consider what it is they are trying to accomplish and
[Eric Rescorla Terisa Systems, Inc.]
"Put it in the top slot."