
ESS Signed Receipt Validation Proposal

1997-12-23 11:32:42
All,

On 12/16/97, I sent a message to the list proposing enhancements to the ESS
Signed Receipt Creation section.  This message proposes corresponding
enhancements to the ESS Signed Receipt Validation section.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

1) ESS, Sec 2.1. Bullet 6, second sentence:  Please change to: "This
validation relies on the sender having retained either a copy of the
original message or information extracted from the original message."
Reason: At this early point in the section, we shouldn't provide the gory
details of exactly what "extracted" info must be saved.


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

2) ESS, Sec 2.2: Please add as last paragraph:

"The sending agent MUST retain at least one set of the following items to
support the validation of signed receipts returned by the recipients: 

1) original signedData object requesting the signed receipt; or

2) message signature digest value used to generate the original signedData
signerInfo signature value (as described in the CMS "Message Digest
Calculation Process" section) and Receipt content digest value (see "Signed
Receipt Validation" section) derived from the original signedData object
requesting the signed receipt.  Note: If signed receipts are requested from
multiple recipients, then retaining these digest values is a performance
enhancement because the sending agent can reuse the saved values when
verifying each returned signed receipt."


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

3) ESS, Sec 2.6 and 2.7:  Please replace Sections 2.6 and 2.7 with the
following:


"2.6.  Signed Receipt Validation

A signed receipt is communicated as a single ASN.1 encoded object composed
of a signedData object directly including a Receipt content (i.e.
signedData/Receipt).  It is identified by the presence of the id-ct-receipt
OID in the contentInfo contentType value of the signedData object including
the Receipt content.

A signedData/Receipt is validated as follows:

1. ASN.1 decode the signedData object including the Receipt content.

2. Extract the encapsulatedContentType, signedContentIdentifier and
originatorSignatureValue from the decoded Receipt structure to identify the
original signedData signerInfo that requested the signedData/Receipt.

3. Acquire the message signature digest value calculated by the sender to
generate the signature value included in the original signedData signerInfo
that requested the signedData/Receipt.  

    3.1. If the sender-calculated message signature digest value has 
    been saved locally by the sender, it must be located and 
    retrieved.
    
    3.2. If it has not been saved, then it must be re-calculated 
    based on the original signedData content and
    authenticatedAttributes as described in the CMS 
    "Message Digest Calculation Process" section.  

4. The message signature digest value calculated by the sender is then
compared with the value of the msgSigDigest authenticatedAttribute included
in the signedData/Receipt signerInfo.  If these digest values are identical,
then that proves that the message signature digest value calculated by the
recipient based on the received original signedData object is the same as
that calculated by the sender.  This proves that the recipient received
exactly the same original signedData content and authenticatedAttributes as
sent by the sender because that is the only way that the recipient could
have calculated the same message signature digest value as calculated by the
sender.  If the digest values are different, then the signedData/Receipt
signature verification process fails. 

5. Acquire the digest value calculated by the sender for the Receipt content
constructed by the sender (including the encapsulatedContentType,
signedContentIdentifier and signature value that were included in the
original signedData signerInfo that requested the signedData/Receipt). 

    5.1. If the sender-calculated Receipt content digest value has 
    been saved locally by the sender, it must be located and 
    retrieved.
    
    5.2. If it has not been saved, then it must be re-calculated.  As 
    described in the "Signed Receipt Creation" section, step 2, create 
    a Receipt structure including the encapsulatedContentType, 
    signedContentIdentifier and signature value that were included
    in the original signedData signerInfo that requested the signed 
    receipt.  The Receipt structure is then ASN.1 DER encoded to 
    produce a data stream which is then digested to produce the 
    Receipt content digest value.

6. The Receipt content digest value calculated by the sender is then
compared with the value of the messageDigest authenticatedAttribute included
in the signedData/Receipt signerInfo.  If these digest values are identical,
then that proves that the values included in the Receipt content by the
recipient are identical to those that were included in the original
signedData signerInfo that requested the signedData/Receipt.  This proves
that the recipient received the original signedData signed by the sender,
because that is the only way that the recipient could have obtained the
original signedData signerInfo signature value for inclusion in the Receipt
content.  If the digest values are different, then the signedData/Receipt
signature verification process fails. 

7. The ASN.1 DER encoded authenticatedAttributes of the signedData/Receipt
signerInfo are digested as described in CMS, Section 5.3.    

8. The resulting digest value is then used to verify the signature value
included in the signedData/Receipt signerInfo.  If the signature
verification is successful, then that proves the integrity of the
signedData/Receipt signerInfo authenticatedAttributes and authenticates the
identity of the signer of the signedData/Receipt signerInfo.  Note that the
authenticatedAttributes include the recipient-calculated Receipt content
digest value (messageDigest attribute) and recipient-calculated message
signature digest value (msgSigDigest attribute).  Therefore, the
aforementioned comparison of the sender-generated and recipient-generated
digest values combined with the successful signedData/Receipt signature
verification proves that the recipient received the exact original
signedData content and authenticatedAttributes (proven by msgSigDigest
attribute) that were signed by the sender of the original signedData object
(proven by messageDigest attribute).  If the signature verification fails,
then the signedData/Receipt signature verification process fails."

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


4) ESS, Sec 2.8 and 2.9: Please renumber as Sec 2.7 and 2.8, respectively.


================================
John Pawling
jsp@jgvandyke.com
J.G. Van Dyke & Associates, Inc.
================================
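The following is an added example, not part of the proposal or the ESS drafts, showing the sender-side checks of the proposed Section 2.6 (steps 4, 6, 7 and 8) run over constructed data. It simplifies in two ways: HMAC-SHA256 stands in for the CMS signature algorithm (so the "recipient key" plays the role of the recipient's public key), and a minimal DER encoder with flattened attribute SETs replaces a full ASN.1 toolkit.

```python
import hashlib
import hmac

def der(tag, body):
    """Minimal DER TLV encoder (short- and long-form lengths only)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body

ID_DATA = bytes.fromhex("06092a864886f70d010701")  # DER of OID id-data (1.2.840.113549.1.7.1)

def receipt_der(sci, originator_sig):
    # Receipt ::= SEQUENCE { version 1, contentType, signedContentIdentifier, originatorSignatureValue }
    return der(0x30, der(0x02, b"\x01") + ID_DATA + der(0x04, sci) + der(0x04, originator_sig))

def sign(key, attrs_der):
    # CMS signs the digest of the DER-encoded authenticatedAttributes; HMAC is a stand-in for RSA/DSA.
    return hmac.new(key, hashlib.sha256(attrs_der).digest(), "sha256").digest()

def sender_sign(key, content, sci):
    """Build the original signerInfo and retain the two digest values from Sec 2.2 item 2."""
    attrs = der(0x31, der(0x04, hashlib.sha256(content).digest()) + der(0x04, sci))
    sig = sign(key, attrs)
    saved = {"msgSigDigest": hashlib.sha256(attrs).digest(),            # message signature digest
             "receiptDigest": hashlib.sha256(receipt_der(sci, sig)).digest()}  # Receipt content digest
    return {"attrs": attrs, "sci": sci, "sig": sig}, saved

def recipient_receipt(key, signed):
    """Recipient's signedData/Receipt: both digests go into its signed attributes (steps 4 and 6)."""
    msg_sig_digest = hashlib.sha256(signed["attrs"]).digest()
    message_digest = hashlib.sha256(receipt_der(signed["sci"], signed["sig"])).digest()
    attrs = der(0x31, der(0x04, message_digest) + der(0x04, msg_sig_digest))
    return {"messageDigest": message_digest, "msgSigDigest": msg_sig_digest, "signature": sign(key, attrs)}

def validate_receipt(saved, receipt, recipient_key):
    """Steps 4, 6, 7 and 8 of the proposed Sec 2.6; returns "ok" or the name of the failing check."""
    if not hmac.compare_digest(saved["msgSigDigest"], receipt["msgSigDigest"]):
        return "msgSigDigest mismatch"      # step 4: recipient digested different content/attributes
    if not hmac.compare_digest(saved["receiptDigest"], receipt["messageDigest"]):
        return "messageDigest mismatch"     # step 6: Receipt does not carry the original signature value
    attrs = der(0x31, der(0x04, receipt["messageDigest"]) + der(0x04, receipt["msgSigDigest"]))
    if not hmac.compare_digest(sign(recipient_key, attrs), receipt["signature"]):
        return "signature invalid"          # steps 7-8: signature over the re-encoded attributes fails
    return "ok"
```

Note that the digest comparisons of steps 4 and 6 are only meaningful together with step 8: without a valid signature over the attributes, a matching msgSigDigest proves nothing about who computed it.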

