Trevor,
First, I'm sure this news will have hit the grapevine by now, but if not, the
following URL will be of great interest to the group...
http://www.cesg.gov.uk/ellisint.htm
It describes CESG's prior invention of RSA and DH ;-)
Secondly,
Trevor Freeman <trevorf(_at_)microsoft(_dot_)com> 12/16 6:13 pm >>>
Tim,
If you want to show unequivocally you sent the message then you construct
a new signing data layer with the existing data nested within, rather than
add a new signer info block to the existing signed. If you want to know
the sequence in which a series of parallel signatures were constructed, then use
time to differentiate the signatures.
Trevor
I think the issue that Tim was trying to convey is that there is no way of
preventing somebody else from adding their signature to your SignedData.
The problem then, as a receiving application, is who to take as the
originator of the message. This problem is compounded if we do the
suggested check of cert altSubjectName against the From: field. Timestamps
are great so long as you can trust that the User has a good time source (and
has used it), and that all signers fill the field.
As far as I can see, the only way of preventing other users from appending
their signature after you have sent the message is to have a variant of
SignedData called LockedSignedData defined as follows:
LockedSignedData ::= SIGNED{ SignedData }
i.e. Take MSP's SequenceSignature approach and sign the SignedData ;-)
Darren
Darren Harter
CASM Programme Office,
Communications-Electronics Security Group
Cheltenham, UK
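
Added example, not part of the original message or of any S/MIME implementation: a toy model of the point discussed above, showing that a signer info appended to a SignedData leaves the existing signatures valid, while a signature over the whole encoded SignedData (the LockedSignedData idea) fails once a signer is appended. Assumptions: HMAC with constructed demo keys stands in for each signer's public-key signature, JSON stands in for DER, and all function names, signer names and the sample content are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed demo keys; HMAC is a stand-in for a public-key signature (assumption).
KEYS = {"tim": b"tim-demo-key", "other": b"other-demo-key"}

def sign(signer, data):
    return hmac.new(KEYS[signer], data, hashlib.sha256).hexdigest()

def verify(signer, data, sig):
    return hmac.compare_digest(sign(signer, data), sig)

def encode(obj):
    # Deterministic encoding, standing in for DER.
    return json.dumps(obj, sort_keys=True).encode()

def add_signer(sd, signer):
    # Parallel signature: computed over the content only, then appended to the set.
    info = {"signer": signer, "sig": sign(signer, sd["content"].encode())}
    return {"content": sd["content"], "signerInfos": sd["signerInfos"] + [info]}

def new_signed_data(content, signer):
    return add_signer({"content": content, "signerInfos": []}, signer)

def valid_signers(sd):
    data = sd["content"].encode()
    return [si["signer"] for si in sd["signerInfos"]
            if verify(si["signer"], data, si["sig"])]

def lock(sd, signer):
    # LockedSignedData ::= SIGNED{ SignedData }: the signature covers the whole
    # encoded SignedData, including its set of signer infos.
    return {"signedData": sd, "signer": signer, "sig": sign(signer, encode(sd))}

def verify_locked(locked):
    return verify(locked["signer"], encode(locked["signedData"]), locked["sig"])

def demo():
    original = new_signed_data("constructed sample message", "tim")
    appended = add_signer(original, "other")      # somebody else adds a signature
    locked = lock(original, "tim")
    locked_appended = dict(locked, signedData=add_signer(original, "other"))
    return {
        "plain_after_append": valid_signers(appended),
        "locked_ok": verify_locked(locked),
        "locked_after_append": verify_locked(locked_appended),
    }

if __name__ == "__main__":
    print(demo())
```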