ietf-smime

Re: ESS MLA Attributes Comment

1998-02-19 17:18:27
Russ,

I agree that the MLA MUST NEVER change the original signer's securityLabel
authenticated attribute contained in the innermost signedData.  Because
CMS/ESS binds the securityLabel authenticatedAttribute with the signature of
the data, intermediate entities can't change the securityLabel without
breaking the original signer's signature.  That is an excellent feature of
CMS/ESS.

However, I respectfully disagree with your proposal that the MLA must be
restricted from defining the securityLabel values in the outermost
signedData envelope that it creates and signs.  When an MLA-expanded message
is received by the ultimate recipient, the receiving software will process
the securityLabel defined by the MLA when it validates the MLA-generated
outermost signedData layer and will separately process the securityLabel
defined by the original signer when it validates the innermost signedData
layer.  IMHO, the policy defining how an MLA derives the values for the
securityLabel included in the outermost signedData that it signs should be a
matter of local customer policy, not mandated by the ESS spec.  Your
proposal would unnecessarily (IMHO) limit the flexibility of the CMS/ESS
spec, so I oppose it.  
 
================================
John Pawling   
jsp(_at_)jgvandyke(_dot_)com                             
J.G. Van Dyke & Associates, Inc.           
===============================


At 03:44 PM 2/19/98 -0500, Russ Housley wrote:
John:

I disagree with your handling of security label.  MLAs should not modify an
existing security label attribute.  This action would encourage label
translation.

I suggest that we permit the addition of a security label if it is absent,
but otherwise the MLA should preserve the outer security label.

Russ


