ietf-smime

'Signature Purpose' attribute?

1998-01-07 05:31:39
The topic of 'signature purpose' began to be discussed towards the end but 
didn't quite seem to reach closure (hols got in the way I think.) I'm 
re-raising it here to see if there is any kind of consensus for including it as 
a signed attribute in S/MIME.

Brief summary of previous discussion: it was pointed out that due to the 
multi-purpose nature of S/MIME, a signature created in one application for one 
purpose could be used by another application for another purpose which the 
signer did not intend.  This could happen accidentally or maliciously.  E.g. I 
sign a local file or an HTML transaction and someone sends it off to a third 
party as an e-mail in my name.  So far as I can tell given the current protocol 
the recipient will not be able to detect that I hadn't intended to send the 
signed content as an authenticated E-mail.  This 'feature' seems to reduce the 
usefulness of signatures, particularly for anything with a legal flavour, I 
suspect.

The suggested fix to this problem was to define a 'signature purpose' attribute 
which could be optionally included as an authenticated attribute.  Rich Ankney 
suggested the value of the attribute could be an OID in line with prior 
precedent (including ANSI X9.45).  Purposes could include:

* Authenticate Message originator
* Authenticate file ownership (distinct from previous - 'I want to claim 
ownership of this file but am not sending it out as an e-mail')
* Authenticate HTML originator
* Authenticate content reviewer
* Authenticate release authority (to get message through firewall)
* Authenticate Checked by virus scanner
* Authenticate Time stamp
* Etc. - define your own application specific ones.

So different signers could sign a file using different purpose codes using 
S/MIME's multiple signature capability.  This could be done without fear of the 
purpose being misunderstood.  E.g. I'm signing the content to say I have virus 
scanned it or timestamped it, but I deny originating it.  Several signature 
purposes could be used together - e.g. I'm originating this e-mail and I have 
virus scanned it.

This seems to me to be a simple fix to a potentially awkward problem.  Thoughts 
of others?

Tim
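
The check a recipient could make if the purpose were carried as an authenticated attribute, as an added example that is not part of the original post or of any S/MIME specification. It models the signature as covering the attributes (content digest plus purposes), so a purpose cannot be changed after signing. Assumptions: the purpose labels are hypothetical strings standing in for OIDs the post does not assign, JSON stands in for DER encoding, HMAC stands in for the signer's public-key signature, and all names and sample values are constructed.

```python
import hashlib, hmac, json
# Hypothetical purpose labels; the post proposes OIDs but assigns none.
ORIGINATE_MESSAGE = "message-originator"
FILE_OWNERSHIP = "file-ownership"
VIRUS_SCANNED = "virus-scanned"

def encode_attrs(content: bytes, purposes) -> bytes:
    # Authenticated attributes: digest of the content plus the stated purposes.
    return json.dumps({"messageDigest": hashlib.sha256(content).hexdigest(),
                       "signaturePurpose": sorted(purposes)}, sort_keys=True).encode()

def sign(key: bytes, signer: str, content: bytes, purposes) -> dict:
    # HMAC is a stand-in for the signer's public-key signature (stdlib only).
    attrs = encode_attrs(content, purposes)
    return {"signer": signer, "attrs": attrs,
            "sig": hmac.new(key, attrs, hashlib.sha256).digest()}

def check(keys: dict, info: dict, content: bytes, required: str) -> str:
    """Return 'ok', or why this signature cannot be relied on for `required`."""
    key = keys.get(info["signer"])
    if key is None:
        return "unknown signer"
    expected = hmac.new(key, info["attrs"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, info["sig"]):
        return "bad signature"
    attrs = json.loads(info["attrs"])
    if attrs["messageDigest"] != hashlib.sha256(content).hexdigest():
        return "content mismatch"
    if required not in attrs.get("signaturePurpose", []):
        return "wrong purpose"
    return "ok"

def demo() -> dict:
    keys = {"tim": b"constructed-key-1", "scanner": b"constructed-key-2"}
    doc = b"constructed sample content"
    owner = sign(keys["tim"], "tim", doc, [FILE_OWNERSHIP])
    scan = sign(keys["scanner"], "scanner", doc, [VIRUS_SCANNED])
    both = sign(keys["tim"], "tim", doc, [ORIGINATE_MESSAGE, VIRUS_SCANNED])
    # Same content and signature, but the purpose attribute rewritten after signing.
    forged = dict(owner, attrs=encode_attrs(doc, [ORIGINATE_MESSAGE]))
    return {
        "file signature read as e-mail": check(keys, owner, doc, ORIGINATE_MESSAGE),
        "scanner read as originator": check(keys, scan, doc, ORIGINATE_MESSAGE),
        "combined purposes": check(keys, both, doc, ORIGINATE_MESSAGE),
        "purpose edited after signing": check(keys, forged, doc, ORIGINATE_MESSAGE),
    }

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A signature that carries no purpose attribute is reported here as "wrong purpose"; since the post proposes the attribute as optional, how to treat its absence is a policy choice this example makes for illustration.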

