ietf-smime

Re: 'Signature Purpose' attribute?

1998-01-07 07:43:04
I'm in Boston today, but when I get home tomorrow I'll pull together a list
of current signature purpose values.  X9.45 defines some "generic" ones,
and there's an ASTM standard that defines some values specific to
medical records applications.  No sense in duplicating what's already
been done...

Regards,
Rich

----------
From: Tim Dean <t(_dot_)dean(_at_)eris(_dot_)dera(_dot_)gov(_dot_)uk>
To: ietf-smime(_at_)imc(_dot_)org
Subject: 'Signature Purpose' attribute?
Date: Wednesday, January 07, 1998 7:37 AM

The topic of 'signature purpose' began to be discussed towards the end but
didn't quite seem to reach closure (hols got in the way I think.) I'm
re-raising it here to see if there is any kind of consensus for including
it as a signed attribute in S/MIME.

Brief summary of previous discussion: it was pointed out that due to the
multi-purpose nature of S/MIME, a signature created in one application for
one purpose could be used by another application for another purpose which
the signer did not intend.  This could happen accidentally or maliciously. 
E.g. I sign a local file or an HTML transaction and someone sends it off to
a third party as an e-mail in my name.  So far as I can tell given the
current protocol the recipient will not be able to detect that I hadn't
intended to send the signed content as an authenticated E-mail.  This
'feature' seems to reduce the usefulness of signatures, particularly for
anything with a legal flavour, I suspect.

The suggested fix to this problem was to define a 'signature purpose'
attribute which could be optionally included as an authenticated attribute.
Rich Ankney suggested the value of the attribute could be an OID in line
with prior precedent (including ANSI X9.45).  Purposes could include:

* Authenticate Message originator
* Authenticate file ownership (distinct from previous - 'I want to claim
ownership of this file but am not sending it out as an e-mail')
* Authenticate HTML originator
* Authenticate content reviewer
* Authenticate release authority (to get message through firewall)
* Authenticate Checked by virus scanner
* Authenticate Time stamp
* Etc. - define your own application specific ones.

So different signers could sign a file using different purpose codes using
S/MIME's multiple signature capability.  This could be done without fear of
the purpose being misunderstood.  E.g. I'm signing the content to say I
have virus scanned it or timestamped it, but I deny originating it. 
Several signature purposes could be used together - e.g. I'm originating
this e-mail and I have virus scanned it.

This seems to me to be a simple fix to a potentially awkward problem. 
Thoughts of others?

Tim

----------
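The attribute Tim proposes, as an added example that is not part of the thread and not code from any S/MIME implementation: a CMS-style Attribute whose values are purpose OIDs, DER-encoded and decoded by hand, followed by the recipient-side check that today's protocol cannot express (reject a signature whose purpose is absent or does not match the context it is being used in). All OIDs are constructed placeholders under a fictitious private arc, only short-form DER lengths are handled, and in practice a CMS library would do the parsing.

```python
# Added example: hypothetical 'signature purpose' signed attribute, encode/decode/policy.
# All OIDs are constructed placeholders under a fictitious private arc.
PURPOSE_ATTR = "1.3.6.1.4.1.99999.1"           # hypothetical attribute type
MESSAGE_ORIGINATOR = "1.3.6.1.4.1.99999.2.1"  # hypothetical purpose values
FILE_OWNERSHIP = "1.3.6.1.4.1.99999.2.2"

def der_oid(dotted):
    # DER OBJECT IDENTIFIER: first two arcs packed, rest base-128 big-endian
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc >> 7:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        body.extend(reversed(chunk))
    return bytes([0x06, len(body)]) + bytes(body)  # short-form length (< 128 bytes)

def encode_purpose_attribute(purposes):
    """Attribute ::= SEQUENCE { attrType OID, attrValues SET OF OID } (DER: SET sorted)."""
    vals = b"".join(sorted(der_oid(p) for p in purposes))
    seq = der_oid(PURPOSE_ATTR) + bytes([0x31, len(vals)]) + vals
    return bytes([0x30, len(seq)]) + seq

def _tlv(buf, pos):
    # one short-form DER TLV at pos -> (tag, value, next_pos)
    tag, ln = buf[pos], buf[pos + 1]
    return tag, buf[pos + 2:pos + 2 + ln], pos + 2 + ln

def oid_str(body):
    arcs, acc = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:            # high bit clear ends the arc
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def decode_purposes(der):
    # set of purpose OIDs carried by the attribute, or None if it is not one
    tag, seq, _ = _tlv(der, 0)
    ttag, typ, pos = _tlv(seq, 0)
    if tag != 0x30 or ttag != 0x06 or oid_str(typ) != PURPOSE_ATTR:
        return None
    stag, vals, _ = _tlv(seq, pos)
    purposes, pos = set(), 0
    while stag == 0x31 and pos < len(vals):
        _, v, pos = _tlv(vals, pos)
        purposes.add(oid_str(v))
    return purposes

def accept_for(purposes, expected):
    """Recipient policy: an absent or non-matching purpose is rejected, never assumed."""
    return purposes is not None and expected in purposes
```

A mail client would call `accept_for(..., MESSAGE_ORIGINATOR)`, so a signature Tim made over a local file with only `FILE_OWNERSHIP` is rejected when someone forwards it as e-mail in his name.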