ietf-smime

ESS Signed Receipt Creation Proposal

1997-12-16 17:55:32
All,

At the 10 Dec 97 IETF S/MIME Working Group meeting, I presented a proposal
for enhancing ESS, Section 2.4, Signed Receipt Creation, so that the chain
of digests leading to the signedData/Receipt signature value includes
digesting the authenticatedAttributes of the original signedData signerInfo
requesting the signedData/Receipt and includes digesting the
authenticatedAttributes of the signedData/Receipt signerInfo.  This allows
the originator of the original signedData object requesting the
signedData/Receipt to verify that the recipient received and was able to
verify the signature of the original signedData object including the content
and authenticatedAttributes.  This also allows the originator of the
original signedData object to verify the integrity and authenticity of the
authenticatedAttributes of the signerInfo containing the signedData/Receipt
signature value.  The meeting attendees agreed with this proposal with one
minor enhancement recommended by Jim Schaad.  This message proposes the
exact text and diagrams for inclusion in ESS, Section 2.4 (including Jim's
recommended enhancement).

Note: The proposed msgSigDigest attribute will be an OCTET STRING and needs
to have an OID assigned in the "OIDS User with S/MIME" document.

Note: I will send a follow-up message with the corresponding proposed
changes to ESS Section 2.7, Receipt Digest Value section.


"2.4 Signed Receipt Creation

A signed receipt (i.e. signedData object encapsulating a Receipt content
(signedData/Receipt)) is created as follows:

1. The signature of the original signedData signerInfo that includes the
receiptRequest authenticated attribute MUST be successfully verified before
creating the signedData/Receipt.  Figure 2.4.1 and the following text
summarize the message signature digest calculation process described in CMS,
Section 5.3, as applied to the verification of the signature of the original
signedData signerInfo.  The ASN.1 DER encoded content of the original
signedData object is digested as described in CMS, Section 5.3.  The
resulting digest value is then compared with the value of the messageDigest
attribute included in the authenticatedAttributes of the original signedData
signerInfo.  If these digest values are different, then the signature
verification process fails and the signedData/Receipt MUST NOT be created.
The ASN.1 DER encoded authenticatedAttributes (including messageDigest,
receiptRequest and, possibly, others) in the original signedData signerInfo
are digested as described in CMS, Section 5.3.  The resulting digest value
(msgSigDigest) is then used to verify the signature of the original
signedData signerInfo.  If the signature verification fails, then the
signedData/Receipt MUST NOT be created. 


   Original
  SignedData
   Content
*            *
 *          *
  * digest *  
      |         Original SignedData SignerInfo
      v            Authenticated Attributes
 ------------------------------------------------------  
| messageDigest | receiptRequest | other attributes ...|
 ------------------------------------------------------
 *                                                    *
           *                                 *     
                  *      digest      *      
                           |
                           v
                      msgSigDigest


Figure 2.4.1.  Original SignedData Signature Digest Calculation 



2. A Receipt structure is created (see "Receipt Syntax" section).

    2.1. The value of the Receipt version field is set to 1.
    
    2.2. The encapsulatedContentType and signedContentIdentifier
    values are copied from the original signedData signerInfo 
    receiptRequest attribute into the corresponding fields in the 
    Receipt structure.
    
    2.3. The signature value from the original signedData signerInfo
    that includes the receiptRequest attribute is copied into the 
    originatorSignatureValue field in the Receipt structure.
    
3. The Receipt structure is ASN.1 DER encoded to produce a data stream, D1.

4. D1 is digested.  As depicted in Figure 2.4.2, the resulting digest value
is included as the messageDigest attribute in the authenticatedAttributes of
the signerInfo which will eventually contain the signedData/Receipt
signature value.  


Receipt Content
*            *
 *          *
  * digest *  
      |            SignedData/Receipt SignerInfo
      v              Authenticated Attributes
 ------------------------------------------------------------------  
| messageDigest | msgSigDigest | contentType | other attributes ...|
 ------------------------------------------------------------------
 *                                                               *
           *                                       *     
                      *     digest     *   
                              |
                              v
                       receiptSigDigest


Figure 2.4.2.  SignedData/Receipt Signature Digest Calculation 



5. The digest value (msgSigDigest) calculated in Step 1 to verify the
signature of the original signedData signerInfo is included as the
msgSigDigest attribute in the authenticatedAttributes of the signerInfo
which will eventually contain the signedData/Receipt signature value.  

6. A contentType attribute including the id-ct-receipt OID MUST be created
and added to the authenticated attributes of the signerInfo which will
eventually contain the signedData/Receipt signature value.

7. contentHints (with receipt set to TRUE) and signingTime (indicating the
time that the signedData/Receipt is signed) attributes SHOULD be created and
added to the authenticated attributes of the signerInfo which will
eventually contain the signedData/Receipt signature value.  Other attributes
(except receiptRequest) may be added to the authenticatedAttributes of the
signerInfo.

8. The authenticatedAttributes (messageDigest, msgSigDigest, contentType
and, possibly, others) of the signerInfo are ASN.1 DER encoded and digested
as described in CMS, Section 5.3.  The resulting digest value
(receiptSigDigest) is used to calculate the signature value which is then
included in the signedData/Receipt signerInfo.

9. The ASN.1 DER encoded Receipt content MUST be directly encoded within the
signedData contentInfo content ANY field.  The id-ct-receipt OID MUST be
included in the signedData contentInfo contentType.  This results in a
single ASN.1 encoded object composed of a signedData including the Receipt
content.  The Data content type MUST NOT be used.  The Receipt content MUST
NOT be encapsulated in a MIME header or any other header prior to being
encoded as part of the signedData object."
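
The nine steps above as an added worked example (not code from this post or from any S/MIME implementation): a minimal DER encoder plus the digest chain from msgSigDigest through the Receipt to receiptSigDigest, and the originator-side check that the receipt's msgSigDigest matches its own authenticatedAttributes. Assumptions: SHA-256 as the digest algorithm, the OID 1.2.840.113549.1.9.16.2.5 for msgSigDigest (the value RFC 2634 later assigned; the post notes it was unassigned at the time), and a truncated receiptRequest stand-in and constructed sample values in demo().

```python
import hashlib
OID_CONTENT_TYPE = "1.2.840.113549.1.9.3"         # PKCS#9 contentType
OID_MESSAGE_DIGEST = "1.2.840.113549.1.9.4"       # PKCS#9 messageDigest
OID_ID_CT_RECEIPT = "1.2.840.113549.1.9.16.1.1"   # ESS id-ct-receipt
OID_MSG_SIG_DIGEST = "1.2.840.113549.1.9.16.2.5"  # assumed; see lead-in

def der(tag, body):  # DER TLV in definite-length form
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def der_oid(dotted):  # OBJECT IDENTIFIER with base-128 arcs
    arcs = [int(a) for a in dotted.split(".")]
    body = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        b7 = [arc & 0x7F]
        while arc := arc >> 7:
            b7.insert(0, 0x80 | (arc & 0x7F))
        body += b7
    return der(0x06, bytes(body))

def der_set_of(elems):  # DER orders SET OF members by their encodings
    return der(0x31, b"".join(sorted(elems)))
def attribute(oid, value):  # Attribute ::= SEQUENCE { type, SET OF value }
    return der(0x30, der_oid(oid) + der_set_of([value]))

def digest_auth_attrs(auth_attrs):  # step 1 (msgSigDigest) and step 8 (receiptSigDigest)
    # CMS 5.3: digest the attributes under an EXPLICIT SET OF tag, not the IMPLICIT [0]; SHA-256 assumed
    return hashlib.sha256(der_set_of(auth_attrs)).digest()

def receipt_signer_attrs(orig_attrs, content_type, content_id, orig_sig):
    # Steps 2-3: Receipt ::= SEQUENCE { version 1, contentType, signedContentIdentifier, originatorSignatureValue } -> D1
    d1 = der(0x30, der(0x02, b"\x01") + der_oid(content_type)
             + der(0x04, content_id) + der(0x04, orig_sig))
    attrs = [attribute(OID_MESSAGE_DIGEST, der(0x04, hashlib.sha256(d1).digest())),  # step 4
             attribute(OID_MSG_SIG_DIGEST, der(0x04, digest_auth_attrs(orig_attrs))),  # step 5
             attribute(OID_CONTENT_TYPE, der_oid(OID_ID_CT_RECEIPT))]                 # step 6
    return d1, attrs, digest_auth_attrs(attrs)  # receiptSigDigest is the value that gets signed

def originator_accepts(receipt_attrs, own_attrs):
    # Originator side: the receipt's msgSigDigest must equal a fresh digest of its own signerInfo attributes
    return attribute(OID_MSG_SIG_DIGEST, der(0x04, digest_auth_attrs(own_attrs))) in receipt_attrs

def demo():  # constructed sample values, not taken from any real message
    orig_attrs = [attribute(OID_MESSAGE_DIGEST, der(0x04, hashlib.sha256(b"hello").digest())),
                  attribute("1.2.840.113549.1.9.16.2.1", der(0x30, der(0x04, b"cid-1")))]  # receiptRequest stand-in
    _, attrs, _ = receipt_signer_attrs(orig_attrs, "1.2.840.113549.1.7.1", b"cid-1", b"\x5a" * 16)
    return originator_accepts(attrs, orig_attrs)
```

Signing the returned receiptSigDigest and wrapping D1 and the signerInfo in signedData (step 9) is left to the CMS library in use.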

================================
John Pawling   
jsp(_at_)jgvandyke(_dot_)com                             
J.G. Van Dyke & Associates, Inc.           
================================

