ietf-smime

RE: New ESS-03 MLA Proposal

1998-03-11 11:08:12
John -- This looks good to me, let's go with it.
Paul -- as my MLA modification message seems to have been eaten by
majordomo last Tuesday, let me know if you have a copy of it.  I don't think
however that it needs to be included in the new text as this addresses the
same issue in a better manner.

jim


-----Original Message-----
From: jsp@jgvandyke.com [mailto:jsp@jgvandyke.com]
Sent: Wednesday, March 11, 1998 7:02 AM
To: ietf-smime@imc.org
Subject: New ESS-03 MLA Proposal 


All,

Based on comments from Jim Schaad and Andrew Farrell, I have modified the
proposal to enhance ESS-03, Sec 4.2 as follows: 

17) Sec 4.2, first para:  This change addresses the Open Issue regarding MLA
processing.  Please replace the first para with the following text: 

"The first few paragraphs provide a high-level description of MLA
processing.  The rest of the section provides a detailed description of MLA
processing.  MLA processing depends on the structure of the S/MIME layers in
the message sent to the MLA for expansion.  An entity can send a message to
the MLA in which any combination of security services has been applied.  For
example, an entity can send a quadruple-wrapped message to the MLA (i.e. a
well-formed triple-wrapped message was sent through a gateway that added an
outer SignedData layer).

In all cases, the MLA MUST parse all layers of the received message to
determine if there are any signedData layers that include an
eSSSecurityLabel authenticatedAttribute.  This may include decrypting an
EnvelopedData layer to determine if an encapsulated SignedData layer
includes an eSSSecurityLabel attribute.  The MLA MUST fully process each
eSSSecurityLabel attribute found in the various signedData layers including
performing access control checks before distributing the message to the ML
members.  The details of the access control checks are beyond the scope of
this document.  The MLA MUST verify the signature of the signerInfo
including the eSSSecurityLabel attribute before using it.  

In all cases, the MLA MUST sign the message to be sent to the ML members in
a new "outer" signedData layer.  The MLA MUST add or update an
mlExpansionHistory attribute in the "outer" signedData that it creates to
document MLA processing.  If there was an "outer" signedData layer included
in the original message received by the MLA, then the MLA-created "outer"
signedData layer MUST include each authenticated attribute present in the
original "outer" signedData layer, unless the MLA explicitly replaces an
attribute (such as signingTime or mlExpansionHistory) with a new value.    

When an S/MIME message is received by the MLA, the MLA MUST first determine
which received signedData layer, if any, is the "outer" signedData layer.
To identify the received "outer" signedData layer, the MLA MUST verify the
signature and fully process the authenticatedAttributes in each of the outer
signedData layers (working from the outside in) to determine if any of them:

1) include an mlExpansionHistory attribute; or
2) encapsulate an envelopedData object.

The MLA's search for the "outer" signedData layer is completed when it finds
one of the following: the "outer" signedData layer meeting one of the above
properties; an envelopedData layer; or the original content (i.e. not
envelopedData and not signedData).  

If the MLA finds an "outer" signedData layer, then the MLA MUST: strip off
all of the signedData layers that encapsulated the "outer" signedData layer;
strip off the "outer" signedData layer itself (after remembering the
included authenticatedAttributes); expand the envelopedData (if present);
and sign the message to be sent to the ML members in a new "outer"
signedData layer that includes the authenticatedAttributes (unless explicitly
replaced) from the original, received "outer" signedData layer.

If the MLA finds an "outer" signedData layer that includes an
mlExpansionHistory attribute AND the MLA subsequently finds an envelopedData
layer buried deeper within the layers of the received message, then the MLA
MUST strip off all of the signedData layers down to the envelopedData layer
(including stripping off the original "outer" signedData layer) and MUST
sign the expanded envelopedData in a new "outer" signedData layer that
includes the authenticatedAttributes (unless explicitly replaced) from the
original, received "outer" signedData layer.

If the MLA does not find an "outer" signedData layer AND does not find an
envelopedData layer, then the MLA MUST sign the original, received message
in a new "outer" signedData layer.  If the MLA does not find an "outer"
signedData AND does find an envelopedData layer then it MUST expand the
envelopedData layer, if present, and sign it in a new "outer" signedData
layer. 

Consider the following examples: 

1) A message (S1(Original Content)) (where S = SignedData) is sent to the
MLA in which the signedData layer does not include an MLExpansionHistory
attribute.  The MLA verifies and fully processes the authenticatedAttributes
in S1.  The MLA decides that there is not an original, received "outer"
signedData layer since it finds the original content, but never finds an
envelopedData and never finds an mlExpansionHistory attribute.  The MLA
calculates a new signedData layer, S2, resulting in the following message
sent to the ML recipients: (S2(S1(Original Content))).  The MLA includes 
an mlExpansionHistory attribute in S2. 

2) A message (S3(S2(S1(Original Content)))) is sent to the MLA in which none
of the signedData layers includes an MLExpansionHistory attribute.  The MLA
verifies and fully processes the authenticatedAttributes in S3, S2 and S1.
The MLA decides that there is not an original, received "outer" signedData
layer since it finds the original content, but never finds an envelopedData
and never finds an mlExpansionHistory attribute. The MLA calculates a new
signedData layer, S4, resulting in the following message sent to the ML
recipients: (S4(S3(S2(S1(Original Content))))).  The MLA includes an
mlExpansionHistory attribute in S4. 

3) A message (E1(S1(Original Content))) (where E = envelopedData) is sent to
the MLA in which S1 does not include an MLExpansionHistory attribute. The
MLA decides that there is not an original, received "outer" signedData layer
since it finds E1 as the outer layer.  The MLA expands the
recipientInformation in E1.  The MLA calculates a new signedData layer, S2,
resulting in the following message sent to the ML recipients:
(S2(E1(S1(Original Content)))).  The MLA includes an mlExpansionHistory
attribute in S2. 

4) A message (S2(E1(S1(Original Content)))) is sent to the MLA in which S2
includes an MLExpansionHistory attribute.  The MLA verifies the signature
and fully processes the authenticatedAttributes in S2.  The MLA finds the
mlExpansionHistory attribute in S2, so it decides that S2 is the "outer"
signedData.  The MLA remembers the authenticatedAttributes included in S2
for later inclusion in the new outer signedData that it applies to the
message.  The MLA strips off S2.  The MLA then expands the
recipientInformation in E1 (this invalidates the signature in S2 which is
why it was stripped).  The MLA calculates a new signedData layer, S3,
resulting in the following message sent to the ML recipients:
(S3(E1(S1(Original Content)))).  The MLA includes in S3 the attributes from
S2 (unless it specifically replaces an attribute value) including an updated
mlExpansionHistory attribute. 

5) A message (S3(S2(E1(S1(Original Content))))) is sent to the MLA in which
none of the signedData layers include an MLExpansionHistory attribute.  The
MLA verifies the signature and fully processes the authenticatedAttributes
in S3 and S2.  When the MLA encounters E1, then it decides that S2 is the
"outer" signedData since S2 encapsulates E1.  The MLA remembers the
authenticatedAttributes included in S2 for later inclusion in the new outer
signedData that it applies to the message.  The MLA strips off S3 and S2.
The MLA then expands the recipientInformation in E1 (this invalidates the
signatures in S3 and S2 which is why they were stripped). The MLA calculates
a new signedData layer, S4, resulting in the following message sent to the
ML recipients: (S4(E1(S1(Original Content)))).  The MLA includes in S4 the
attributes from S2 (unless it specifically replaces an attribute value) and
includes a new mlExpansionHistory attribute. 

6) A message (S3(S2(E1(S1(Original Content))))) is sent to the MLA in which
S3 includes an MLExpansionHistory attribute.  In this case, the MLA verifies
the signature and fully processes the authenticatedAttributes in S3. The MLA
finds the mlExpansionHistory in S3, so it decides that S3 is the "outer"
signedData.  The MLA remembers the authenticatedAttributes included in S3
for later inclusion in the new outer signedData that it applies to the
message.  The MLA keeps on parsing encapsulated layers because it must 
determine if there are any eSSSecurityLabel attributes contained within.
The MLA verifies the signature and fully processes the
authenticatedAttributes in S2.  When the MLA encounters E1, then it strips
off S3 and S2.  The MLA then expands the recipientInformation in E1 (this
invalidates the signatures in S3 and S2 which is why they were stripped).
The MLA calculates a new signedData layer, S4, resulting in the following
message sent to the ML recipients: (S4(E1(S1(Original Content)))).  The MLA
includes in S4 the attributes from S3 (unless it specifically replaces an
attribute value) including an updated mlExpansionHistory attribute.

================================
John Pawling
jsp@jgvandyke.com
J.G. Van Dyke & Associates, Inc.
================================
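The layer-search and re-signing rules in the proposal above, modelled as an added Python example that reproduces its six worked cases; this is not ESS or any MLA implementation. Message layers are plain dicts, `MLA_ID` is a constructed value, and signature verification and decryption are simulated by a flag rather than performed.

```python
# Added illustration of the proposed MLA layer rules; not ESS or MLA code.
# A message is a list of layers from the outside in: "S" = signedData
# (carrying its authenticatedAttributes), "E" = envelopedData, "C" = content.
# Signature verification and decryption are simulated via the "valid" flag.
MLA_ID = "mla@example.invalid"  # constructed value recorded in mlExpansionHistory

def S(valid=True, **attrs):
    return {"kind": "S", "attrs": attrs, "valid": valid}

def E():
    return {"kind": "E", "attrs": {}}

def C():
    return {"kind": "C", "attrs": {}}

def security_labels(msg):
    """Every eSSSecurityLabel in any signedData layer; decryption is simulated,
    so labels sitting under an envelopedData layer are visible as well."""
    return [l["attrs"]["eSSSecurityLabel"] for l in msg
            if l["kind"] == "S" and "eSSSecurityLabel" in l["attrs"]]

def find_outer(msg):
    """Index of the received "outer" signedData layer, or None. Working from the
    outside in, a signedData is "outer" if it carries mlExpansionHistory or
    directly encapsulates envelopedData; the search ends at E or at content."""
    for i, layer in enumerate(msg):
        if layer["kind"] != "S":
            return None
        if "mlExpansionHistory" in layer["attrs"]:
            return i
        if i + 1 < len(msg) and msg[i + 1]["kind"] == "E":
            return i
    return None

def mla_expand(msg):
    """Return the message the MLA sends to the ML members."""
    # Every signedData (including those under an envelopedData) must verify
    # before any of its attributes, e.g. eSSSecurityLabel, is relied upon.
    if any(l["kind"] == "S" and not l["valid"] for l in msg):
        raise ValueError("signedData layer does not verify")
    outer = find_outer(msg)
    kept = dict(msg[outer]["attrs"]) if outer is not None else {}
    env = next((i for i, l in enumerate(msg) if l["kind"] == "E"), None)
    if env is not None:       # strip every signedData above E (expansion breaks them)
        body = [dict(msg[env], expanded=True)] + msg[env + 1:]
    elif outer is not None:   # outer found, nothing encrypted: strip through the outer
        body = msg[outer + 1:]
    else:                     # no outer and no envelopedData: sign the message as received
        body = list(msg)
    kept["mlExpansionHistory"] = kept.get("mlExpansionHistory", []) + [MLA_ID]
    return [S(**kept)] + body
```

Cases 1 to 6 of the proposal map onto `[S(), C()]`, `[S(), S(), S(), C()]`, `[E(), S(), C()]`, `[S(mlExpansionHistory=[...]), E(), S(), C()]`, `[S(), S(), E(), S(), C()]` and `[S(mlExpansionHistory=[...]), S(), E(), S(), C()]` respectively.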
