
S/MIME counter-signature: comment and question

1997-12-16 08:41:03
CMS-01.txt states (section 5.3) that countersigning can be done by including a 
PKCS#9 countersignature attribute as an unauthenticated attribute. Looking at 
CounterSignature in PKCS#9, it specifies that what is signed is 'the 
contents octets of the DER encoding of the encryptedDigest field of the 
SignerInfo value with which the attribute is associated.'  However, it seems 
that the encryptedDigest attribute has been removed from SignerInfo in CMS-01, 
though it is in PKCS#7.  Is this an inconsistency or have I missed something? 

A related question: As a receiver, how do I tell who sent an S/MIME message in 
the case where there are multiple signatures (or countersignatures) on it? How 
can I be prevented as a sender from getting someone to parallel-sign or 
counter-sign my S/MIME document, sending it out as a mail message, and claiming 
it was they who sent it (e.g. by putting their E-mail address in the From: 
field)?  Thoughts?


Tim Dean
 (Standard Disclaimer applies)