ietf-smime

Re: CMS Critical flag for signed attributes?

1998-01-02 10:19:27
Paul Hoffman / IMC wrote:

At 03:25 PM 12/31/97 -0500, Phillip Hallam-Baker wrote:
It seems to me we may just need a critical flag just like there is in
the X.509v3 certificate. If the critical bit is set and the client does
not understand the semantics of the attribute, a client is required to
inform the user of the fact.

This sounds alright to me, but not the differences in action between PKIX
and S/MIME. In PKIX, you MUST not process a cert that has a critical
attribute you don't understand. In S/MIME, you propose that we "inform the
user", which is the handwaving we're forced to do when a signature check
fails.

If we go with this idea, the handwaving wording for what happens for failed
criticality should be identical to the handwaving wording we use for failed
signature validation. In fact, I'd like to see that wording appear only
once as the same outcome to two different bad events.

I agree, but I want to make sure that the resulting wording makes a
critical attribute something that can be raised in court as something
a recipient should have made themselves aware of before relying on the
document as an agreement.

The concern I have in the back of my mind is Mr Mop, the janitor who
sends a signed message the recipient then claims in court is a binding
contract on behalf of his employer. MIT students are now required
to get an X.509 cert during registration. I'm pretty sure that MIT
does not intend them to be signing contracts binding on the
corporation :-)

                Phill

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
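
The handling discussed in this message, as an added sketch that is not part of the thread and not taken from any CMS implementation: a verifier in which a failed signature and an unrecognized critical attribute lead to one shared failure outcome, while unrecognized non-critical attributes are ignored. The `critical` field is the hypothetical flag proposed here (CMS attributes carry no such field), and the OID `2.999.1` and its value are constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Outcome(Enum):
    ACCEPT = "accept"
    FAIL = "fail"  # one outcome shared by both bad events


@dataclass(frozen=True)
class SignedAttr:
    oid: str
    critical: bool  # hypothetical flag from the proposal, not a CMS field
    value: bytes


# Attribute types this example verifier understands:
# PKCS #9 contentType, messageDigest, signingTime.
UNDERSTOOD = frozenset({
    "1.2.840.113549.1.9.3",
    "1.2.840.113549.1.9.4",
    "1.2.840.113549.1.9.5",
})


def evaluate(signature_ok, attrs, understood=UNDERSTOOD):
    """Return (outcome, reasons, ignored_oids) for one signer."""
    reasons, ignored = [], []
    if not signature_ok:
        reasons.append("signature validation failed")
    for attr in attrs:
        if attr.oid in understood:
            continue
        if attr.critical:
            # The recipient cannot know what the signer asserted, so it
            # must not rely on the message as if the attribute were absent.
            reasons.append(f"unrecognized critical attribute {attr.oid}")
        else:
            ignored.append(attr.oid)
    outcome = Outcome.FAIL if reasons else Outcome.ACCEPT
    return outcome, reasons, ignored


# Constructed sample: a signer marks a limit on signing authority as critical.
CONTENT_TYPE = SignedAttr("1.2.840.113549.1.9.3", False, b"data")
AUTHORITY_LIMIT = SignedAttr("2.999.1", True, b"no authority to bind employer")
```

Collecting every reason before deciding lets the user-facing wording be written once, with the specific cause attached as detail.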