ietf-smime
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

CRLs in OriginatorInfo?

1998-02-03 16:52:40
from [Bill Buffam] [Permanent Link] 
Can someone explain the rationale for including CRLs in OriginatorInfo
in the EnvelopedData type? Obviously you need the originator's public
key to decrypt a D-H encrypted content key, and the certificate is a
convenient way of sending it. But the CRL? If the certificate has been
revoked (say because the private key was compromised), then an impostor
may have sent you encrypted mail. But so what? You're not going to treat
that as a digital signature - that comes from the SignedData type. We're
talking about a different certificate there.

And surely you're not, in general, going to use the encryption key from
that certificate to send back encrypted mail without checking some more
current version of the CRL than the one you just happened to get the
last time he sent you a message.

-- 

Bill Buffam
Unisys, Malvern PA
bjb(_at_)trsvr(_dot_)tr(_dot_)unisys(_dot_)com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Redundant Cert Mgmt Protocols, Blake Ramsdell
Next by Date:  Re: 1/28/98 S/MIME V3 Msg Spec Comments, Paul Hoffman / IMC
Previous by Thread:  Enterprise Security, Yahya Al-Salqan
Next by Thread:  Re: CRLs in OriginatorInfo?, Russ Housley
Indexes:  [Date] [Thread] [Top] [All Lists]