ietf-smime

Re: ESS-03 Comments

1998-03-11 07:50:00
Andrew,

I agree completely.  I will update my proposal and re-send it to the list.

- John Pawling 


At 11:53 AM 3/11/98 +0000, Andrew Farrell wrote:

One small note.

John Pawling writes:

When an S/MIME message is received by the MLA, the MLA MUST first determine
which received signedData layer, if any, is the "outer" signedData layer.
To identify the received "outer" signedData layer, the MLA MUST verify the
signature and fully process the authenticatedAttributes in each of the outer
signedData layers (working from the outside in) to determine if any of them: 
1) include an mlExpansionHistory attribute; 
2) encapsulate an envelopedData object; or
3) encapsulate the original content (i.e. not envelopedData and not signedData).

If the MLA does not find an "outer" signedData layer then it MUST sign the
original, received message in a new "outer" signedData layer.  

A literal interpretation of this rule would change the (S3(S2(S1(Orig
Content)))) to S4(Orig Content). We should perhaps add a note that in
case 3, an "outer" signedData layer has not been found.

Andrew.
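
The point of Andrew's note, as an added sketch that is not part of the original thread or of the ESS draft: a toy Python model of the outside-in search, run once with case 3 treated as a match (the literal reading) and once with case 3 meaning that no "outer" layer was found. It does no signature verification, and it assumes, as the S4(Orig Content) result implies, that the MLA's own signature replaces the identified "outer" layer and everything outside it; all class and function names are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Content:                 # original content: not envelopedData, not signedData
    data: str

@dataclass
class Enveloped:               # an envelopedData object
    inner: object

@dataclass
class Signed:                  # one signedData layer
    signer: str
    inner: object
    ml_expansion_history: bool = False   # mlExpansionHistory attribute present?

def find_outer(msg, case3_counts):
    """Walk the signedData layers from the outside in and return the "outer"
    layer, or None. case3_counts=True is the literal reading of the rule;
    False applies the note that case 3 means no outer layer was found."""
    layer = msg
    while isinstance(layer, Signed):
        if layer.ml_expansion_history:              # case 1
            return layer
        if isinstance(layer.inner, Enveloped):      # case 2
            return layer
        if isinstance(layer.inner, Content):        # case 3
            return layer if case3_counts else None
        layer = layer.inner                         # encapsulates signedData: go inward
    return None

def mla_process(msg, case3_counts, mla="S4"):
    outer = find_outer(msg, case3_counts)
    if outer is None:
        # From the quoted rule: sign the received message in a new outer layer.
        return Signed(mla, msg)
    # Assumption: the MLA's layer replaces the outer layer and all layers outside it.
    return Signed(mla, outer.inner)

def render(msg):
    if isinstance(msg, Signed):
        return f"{msg.signer}({render(msg.inner)})"
    if isinstance(msg, Enveloped):
        return f"E({render(msg.inner)})"
    return msg.data

# Constructed sample: the triple-signed message from the note above.
received = Signed("S3", Signed("S2", Signed("S1", Content("Orig Content"))))

if __name__ == "__main__":
    print(render(mla_process(received, case3_counts=True)))
    print(render(mla_process(received, case3_counts=False)))
```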


