ietf-smime

Re: CMS Critical flag for signed attributes?

1998-01-05 07:37:52

From: Phillip Hallam-Baker <pbaker@verisign.com>

Should there be a criticality flag for signed attributes?

The application I am thinking of is limiting an employee's signing
authority inside a company. An obvious way to do this would be to have
an OID for the signed attribute 'this message does not constitute an
offer or acceptance of a contract'.


Phill,

It's not clear which authority you have in mind for generating the
signed attribute.  If it's the message author, then enclosing the text

  'this message does not constitute an offer or acceptance of
   a contract'

within the body of the message or the CMS authenticated attributes would
seem to be the appropriate solution, rather than inventing OIDs to stand
for that text, and having the author choose from a checklist of applicable
OIDs/statements that could be attached to a message.

But if MIT is the authority grantor, and MIT doesn't want Mr. Foo the
janitor to be authorized to sign contracts, then the appropriate location
is in the X.509 v3 subjectDirectoryAttributes extension of Mr. Foo's
certificate issued by MIT (marked critical or not, as appropriate).

Or if Mr. Foo has a VeriSign identity certificate, MIT could issue an
attribute certificate against it, authorizing Mr. Foo to enter buildings
after hours, but not authorizing him to sign contracts.

In general, for well-structured and standardized information, I believe
the appropriate container is a certificate (identity or attribute), not
the signed attributes defined by CMS.  Signed attributes can only be
generated by the message author.  Attribute certs can be generated by
anyone, including the CA, the message author, or a third-party
authority-granting entity.

In short, I don't think there is a need for a criticality flag for
CMS signed attributes, because that is not where the critical information
should go.

Dave K.
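The exchange above argues that an issuer-asserted authorization (such as "may or may not sign contracts") belongs in the certificate, for example in the X.509 v3 subjectDirectoryAttributes extension, and not in CMS signed attributes that the message author controls. The following is an added example, not code from the thread or from either participant: a minimal pure-Python DER encoder and decoder for that extension, plus the relying-party check that reads the authorization out of the issuer-signed container. The authorization attribute OID (1.3.6.1.4.1.99999.1) and its BOOLEAN value are hypothetical, constructed for this example; 2.5.29.9 is the real id-ce-subjectDirectoryAttributes arc.

```python
"""
Added example (not from the ietf-smime thread).

    SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
    Attribute ::= SEQUENCE { type OBJECT IDENTIFIER, values SET OF AttributeValue }

Note that a CMS signed attribute uses the same Attribute syntax; the difference
that matters here is who signs the container, the issuer (certificate) or the
message author (CMS signedAttrs). Standard library only; no real CA involved.
"""

OID_SUBJECT_DIRECTORY_ATTRIBUTES = "2.5.29.9"   # id-ce-subjectDirectoryAttributes
OID_MAY_SIGN_CONTRACTS = "1.3.6.1.4.1.99999.1"  # HYPOTHETICAL private arc, not registered


def _der_len(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body


def encode_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, rest base-128 big-endian."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body += bytes(reversed(chunk))
    return _tlv(0x06, bytes(body))


def encode_bool(value):
    return _tlv(0x01, b"\xff" if value else b"\x00")


def encode_attribute(oid, values):
    """Attribute ::= SEQUENCE { type OID, values SET OF ANY }; values are pre-encoded TLVs."""
    return _tlv(0x30, encode_oid(oid) + _tlv(0x31, b"".join(values)))


def encode_subject_directory_attributes(attrs):
    """attrs: list of (dotted_oid, [encoded value, ...])."""
    return _tlv(0x30, b"".join(encode_attribute(o, v) for o, v in attrs))


def _read_tlv(buf, pos):
    """Return (tag, body, next_pos); rejects truncated input."""
    tag = buf[pos]
    n = buf[pos + 1]
    pos += 2
    if n & 0x80:
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    if pos + n > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + n], pos + n


def decode_oid(body):
    arcs = [body[0] // 40, body[0] % 40]
    acc = 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def decode_subject_directory_attributes(der):
    """Return [(dotted_oid, [(value_tag, value_body), ...]), ...]."""
    tag, seq, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single outer SEQUENCE")
    out, pos = [], 0
    while pos < len(seq):
        t, attr, pos = _read_tlv(seq, pos)
        if t != 0x30:
            raise ValueError("Attribute must be a SEQUENCE")
        ot, oid_body, p = _read_tlv(attr, 0)
        st, set_body, p2 = _read_tlv(attr, p)
        if ot != 0x06 or st != 0x31 or p2 != len(attr):
            raise ValueError("malformed Attribute")
        vals, q = [], 0
        while q < len(set_body):
            vt, vb, q = _read_tlv(set_body, q)
            vals.append((vt, vb))
        out.append((decode_oid(oid_body), vals))
    return out


def may_sign_contracts(extension_der):
    """Relying-party check over the issuer-signed extension value. Deny by default:
    an absent or non-BOOLEAN attribute grants nothing."""
    for oid, vals in decode_subject_directory_attributes(extension_der):
        if oid == OID_MAY_SIGN_CONTRACTS:
            return any(t == 0x01 and body != b"\x00" for t, body in vals)
    return False


# Constructed certificates' extension values: MIT marks the janitor as not authorized,
# and a contracting officer as authorized. Neither is real data.
JANITOR_EXT = encode_subject_directory_attributes(
    [(OID_MAY_SIGN_CONTRACTS, [encode_bool(False)])])
OFFICER_EXT = encode_subject_directory_attributes(
    [(OID_MAY_SIGN_CONTRACTS, [encode_bool(True)])])

if __name__ == "__main__":
    print("janitor may sign contracts:", may_sign_contracts(JANITOR_EXT))
    print("officer may sign contracts:", may_sign_contracts(OFFICER_EXT))
```

The relying party passes only the extension value from a certificate it has already chain-validated; an attribute with the same OID appearing in CMS signedAttrs is ignored by this check, which is the point of the reply above.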