ietf-smime

Re: ESS-01 issues not finished

1998-03-03 06:43:46
All,

I agree with Jim's recommendation.

- John Pawling


At 09:16 PM 2/28/98 -0800, Jim Schaad (Exchange) wrote:
The following items from my comments for ESS-01 did not make it into
ESS-02 so here it is again.  Hopefully this time it will get some
discussion.

1.  Section 3.1.1 paragraph 5.  I disagree that some SignerInfos within
a SignedData object may be permitted to be missing security labels
without any restrictions.  I propose the following replacement paragraph
(new last sentence).

"There can be multiple SignerInfos within a SignedData object, and each
SignerInfo may include authenticatedAttributes. Therefore, a single
SignedData object may include multiple security labels, each SignerInfo
having an eSSSecurityLabel attribute. For example, an originator can send a
signed message with two SignerInfos, one containing a DSS signature, the
other containing an RSA signature. Not all of the SignerInfos need to
include security labels, but in all of the SignerInfos that do contain
security labels, the security labels MUST be identical.  Additionally, a
client SHOULD NOT allow access to the mail if it cannot verify at least one
of the SignerInfos which contains the security label."


Jim
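
The two rules in the proposed paragraph, sketched as a receiving-client check. This is an added example, not part of the message above or of the ESS draft. The SignerInfo class, its fields and check_labels are hypothetical names; a real client would take the label bytes and the verification result from its CMS library.

```python
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple


@dataclass(frozen=True)
class SignerInfo:
    # Hypothetical model, not a CMS parser. `label` stands for the encoded
    # eSSSecurityLabel attribute value (None when the attribute is absent);
    # `verified` is the outcome of signature verification for this signer.
    signer: str
    verified: bool
    label: Optional[bytes] = None


def check_labels(signer_infos: Sequence[SignerInfo]) -> Tuple[bool, str]:
    """Apply the proposed paragraph's label rules to one SignedData."""
    labelled = [si for si in signer_infos if si.label is not None]
    if not labelled:
        # Assumption: with no label present the label rules impose nothing;
        # ordinary signature policy is decided elsewhere.
        return True, "no security label present"
    # Rule 1: all security labels that are present MUST be identical.
    if len({si.label for si in labelled}) > 1:
        return False, "conflicting security labels"
    # Rule 2: at least one SignerInfo that carries the label must verify.
    # A valid signature on an unlabelled SignerInfo does not satisfy this,
    # because it does not authenticate the label.
    if not any(si.verified for si in labelled):
        return False, "no verified SignerInfo carries the label"
    return True, "label consistent and verified"


# Constructed sample: the DSS + RSA message from the paragraph, where the
# client can only verify the RSA signature and only the DSS one is labelled.
LABEL_A = b"constructed-label-A"
SAMPLE = [
    SignerInfo("dss", verified=False, label=LABEL_A),
    SignerInfo("rsa", verified=True, label=None),
]

if __name__ == "__main__":
    print(check_labels(SAMPLE))
```

Whether the verified label then permits access for this recipient is a separate access-control decision and is not modelled here.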


