ietf-smime
[Top] [All Lists]

RE: S/MIME counter-signature: comment and question -Reply

1997-12-17 14:28:23
Hi Darren,
Anyone can resign documents, and there  is no ASN.1 construct which can
prevent this if they are happy to discard signatures, so what is it you are
trying to really do? If you are trying to show a series of signatures then
S\MIME can do that, if someone wants to parallel sign a object, then time
will identify who signed first, and yes you need to work out which time
source to use.
Trevor
-----Original Message-----
From: Darren Harter [SMTP:dharter(_at_)cesg(_dot_)gov(_dot_)uk]
Sent: 17 December, 1997 5:25 AM
To:   ietf-smime(_at_)imc(_dot_)org
Subject:      RE: S/MIME counter-signature: comment and question -Reply

Trevor,

First, I sure this news will have hit the grapevine by now, but if not the
following URL will be of great interest to the group...

http://www.cesg.gov.uk/ellisint.htm

It describes CESG's prior invention of RSA and DH ;-)

Secondly,

Trevor Freeman <trevorf(_at_)microsoft(_dot_)com> 12/16 6:13 pm >>>
Tim,
If you want to show unequivocally you sent the message then you construct
a new signing data layer with the existing data nested within, rather
than
add a new signer info block to the existing signed. If you want to know
the sequence a series of parallel signatures where constructed then use
time to differentiate the signatures.
Trevor

I think the issue that Tim was trying to convey is that there is no way of
preventing somebody else from adding their signature to your SignedData. 
The problem then, as a receiving application, is who to take as the
originator of the message.  This problem is compounded if we do the
suggested check of cert altSubjectName against the From: field.
Timestamps
are great so long as you can trust that the User has a good time source
(and
has used it), and that all signers fill the field.

As far as I can see, the only way of preventing other users from appending
their signature after you have sent the message is to have a variant of
SignedData called LockedSignedData defined as follows:

LockedSignedData ::= SIGNED{ SignedData }

i.e. Take MSP's SequenceSignature approach and sign the SignedData ;-)

Darren

Darren Harter
CASM Programme Office,
Communications-Electronics Security Group
Cheltenham, UK