Re: The address-in-certs issue

Tim Dean said:

A neat solution would be to define another authenticated attribute,

something like

'signature reason', which would be some kind of enumerated type.  Reasons

could be

'Authenticate E-mail sender', 'Authenticated data', etc.  Depending on the

reason,

other attributes would be included in the signature.

Without this, I could envisage a situation of having S/MIME signed a local

file for my

own private purposes, and someone sends it off in a mail, followed by an

interesting

non-repudiation debate...


We did this in ANSI X9.45, as well as a medical informatics signature
standard.
The "signature purpose" attribute was an object ID, rather than an
enumeration,
to allow for easy addition of new (possibly application-specific) purposes.

Regards,
Rich

<Prev in Thread]	Current Thread	[Next in Thread>
Re: The address-in-certs issue, (continued) Re: The address-in-certs issue, John Gardiner Myers Re: The address-in-certs issue, Elliott N Ginsburg Re: The address-in-certs issue, John Gardiner Myers Re: The address-in-certs issue, Elliott N Ginsburg RE: The address-in-certs issue, Ron Craswell Re: The address-in-certs issue, John Pettitt Re: The address-in-certs issue, Stefan Kelm RE: The address-in-certs issue, Scott Hollenbeck RE: The address-in-certs issue, Tim Dean Re: The address-in-certs issue, David P. Kemp Re: The address-in-certs issue, Rich Ankney <= Re: The address-in-certs issue, Kurt Stammberger Re: The address-in-certs issue, Paul Hoffman / IMC Re: The address-in-certs issue, David P. Kemp Re: The address-in-certs issue, Elliott N Ginsburg Re: The address-in-certs issue, John Gardiner Myers Re: The address-in-certs issue, Paul Hoffman / IMC Re: The address-in-certs issue, John Gardiner Myers Re: The address-in-certs issue, Paul Hoffman / IMC Re: The address-in-certs issue, John Gardiner Myers Re: The address-in-certs issue, Paul Hoffman / IMC