[Top] [All Lists]

RE: S/MIME counter-signature: comment and question -Reply

1997-12-17 06:26:45

First, I sure this news will have hit the grapevine by now, but if not the
following URL will be of great interest to the group...

It describes CESG's prior invention of RSA and DH ;-)


Trevor Freeman <trevorf(_at_)microsoft(_dot_)com> 12/16 6:13 pm >>>
If you want to show unequivocally you sent the message then you construct
a new signing data layer with the existing data nested within, rather than
add a new signer info block to the existing signed. If you want to know
the sequence a series of parallel signatures where constructed then use
time to differentiate the signatures.

I think the issue that Tim was trying to convey is that there is no way of
preventing somebody else from adding their signature to your SignedData. 
The problem then, as a receiving application, is who to take as the
originator of the message.  This problem is compounded if we do the
suggested check of cert altSubjectName against the From: field.  Timestamps
are great so long as you can trust that the User has a good time source (and
has used it), and that all signers fill the field.

As far as I can see, the only way of preventing other users from appending
their signature after you have sent the message is to have a variant of
SignedData called LockedSignedData defined as follows:

LockedSignedData ::= SIGNED{ SignedData }

i.e. Take MSP's SequenceSignature approach and sign the SignedData ;-)


Darren Harter
CASM Programme Office,
Communications-Electronics Security Group
Cheltenham, UK