ietf-smime
[Top] [All Lists]

RE: Receipts vs. SignedData

1997-11-11 14:46:02
On Tuesday, November 11, 1997 12:18 PM, Rich Ankney
[SMTP:rankney(_at_)erols(_dot_)com] wrote:
Agreed; I'm just looking for a way to have common processing of
SignedData, regardless of the inner content.  If there's no secure,
clean way to do it, I can live with what's there now.  Perhaps the
OUTER content should be Receipt, instead of SignedData, where
a Receipt is then the combination of SignedData and (inner)
Receipt, processed as defined in ESS?

I may be confused here, so someone please correct me if I am wrong.

Rich, my understanding of your comments is that the signature
verification of S/MIME messages of outer content type SignedData are
handled inconsistently, depending on whether or not it encloses MIME
data (identified by the PKCS #7-defined OID "data") or a Receipt
structure (identified by the newly created "receipt" OID under the SMIME
arc).  Is this the case?  My understanding is that the SignedData
signature computation for both is exactly the same, and that the only
processing difference occurs when the inner content (either the MIME
data or the Receipt structure) is removed and processed.  That is, the
MIME data is processed through the MIME engine, and the Receipt
structure is processed through "other means" that are
receiver-dependent.

If this is not the case, then I may need some information as to why
there is a difference, since I agree -- the signature processing should
be the same.

Blake
--
Blake C. Ramsdell
Worldtalk Corporation
For current info, check http://www.deming.com/users/blaker
Voice +1 425 882 8861 x103  Fax +1 425 882 8060


<Prev in Thread] Current Thread [Next in Thread>