ietf-smime

Re: S/MIME counter-signature: comment and question

1997-12-16 09:18:56
Tim, please try to keep your line length down to below 80 characters.

Tim Dean <t(_dot_)dean(_at_)eris(_dot_)dera(_dot_)gov(_dot_)uk> writes:
> CMS-01.txt states (section 5.3) that countersigning can be done by
> including a PKCS#9 countersignature attribute as an unauthenticated
> attribute. Looking at CounterSignature in PKCS#9, it specifies that
> what is signed is 'the contents octets of the DER encoding of
> the encryptedDigest field of the SignerInfo value with which the
> attribute is associated.'  However, it seems that the
> encryptedDigest attribute has been removed from SignerInfo in
> CMS-01, though it is in PKCS#7.  Is this an inconsistency or have I
> missed something?
I believe this should say 'signatureValue' rather than 
'encryptedDigest'. 

> A related question: As a receiver, how do I tell who sent an S/MIME
> message in the case where there are multiple signatures (or
> countersignatures) on it? How can I be prevented as a sender from
> getting someone to parallel-sign or counter-sign my S/MIME document,
> sending it out as a mail message, and claiming it was they who sent
> it (e.g. by putting their E-mail address in the From: field)?
> Thoughts?
Well, countersignature is not a problem since you're signing the
cryptographic signature, not the message text. MUAs (and by extension,
users) shouldn't treat a countersignature the same as a message
signature.

Parallel signatures are a harder problem. You could imagine having some
attribute that says 'I'm signing this, but I didn't write it'
but since we don't have a really clear definition of what a document
with multiple signatures means in the first place, this seems a bit
premature. I'd say that if you want to add your signature
to something but don't want to be confused with the sender, you
should use countersignature.


-Ekr

-- 
[Eric Rescorla                             Terisa Systems, Inc.]
                "Put it in the top slot."