ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: ESS-00 Comments

1997-11-06 14:12:43
from [Russ Housley] [Permanent Link] 
John:

See a few comments below.


10) Sec 2.2: Please add as last para:

"There can be multiple SignerInfos present within a SignedData object.  Each
SignerInfo can include authenticatedAttributes.  Therefore, the syntax
allows a single SignedData object to include multiple SignerInfos each of
which could include a receiptRequest attribute.   For example, if an
originator desires to send a signed message requesting signed receipts to a
set of users composed of RSA-only and DSA-only users.  The originator's
software can include one SignerInfo that includes an RSA signature value and
a receiptRequest attribute.  The same SignedData object could include
another SignerInfo that includes a DSA signature value and a receiptRequest
attribute.  In this example, the RSA-capable recipients should return an RSA
signed receipt to the originator and the DSA-capable recipients should
return a DSA signed receipt to the originator."


I like the thrust of your paragraph, but prefer a slightly different
approach.  Does this make all of your points?

"There can be multiple SignerInfos within a SignedData object.  Each
SignerInfo may include authenticatedAttributes.  Therefore, a single
SignedData object may include multiple SignerInfos each with a
receiptRequest attribute.   For example, an originator can send a signed
message with two SignerInfos, one containing a DSS signature and the other
containing a RSA signature.  Both SignerInfos can contain the same
receiptRequest attribute.  Each recipient should return one signed receipt."

If you like my paragraph, then similar words should be used in for comments
32 and 36.



11) Sec 2.3, 1rst para, 2nd sent: Please change "Processing software SHOULD
examine the authenticatedAttributes field of the innermost SignerInfo object
to determine if a receipt is requested." To "Processing software SHOULD
examine the authenticatedAttributes field of each of the SignerInfos for
which it verifies a signature in the innermost signedData object to
determine if a receipt is requested.  A receiving agent SHOULD build a
signed receipt for each SignerInfo in the SignedData object for which it
verifies the signature and which requests a signed receipt.  This may result
in multiple signed receipts being constructed and sent for a single
SignedData object."


Should we also have a warning here about the receipt policy in the
mlExpansionHistory of the outer signed-data?


Russ
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: S/MIME V3 Msg Spec Comments, David P. Kemp
Next by Date:  Re: ESS-00 Security Labels Issue, Russ Housley
Previous by Thread:  ESS-00 Comments, John Pawling
Next by Thread:  Re: ESS-00 Comments, John Pawling
Indexes:  [Date] [Thread] [Top] [All Lists]