In my first E-mail to the group, I made a proposal that got the support
from John (Pawling):
I agree with Denis' enhancement to Jim's Signing Certificate
Attribute proposal.
and from Jim (Schaad):
I have no problems with extending this from a single instance to a
sequence of instances.
I also asked for a specific scheme that is already there. Jim said: "I
think you have misread how to compute CMS signatures." This is true.
More precisely, I must admit that I could only understand section
5.3 while (re-)reading section 11.2, which says: "The message-digest
attribute type is required if there are any authenticated attributes
present."
I like the explanations provided by John and Jim. Could we re-use some
parts of them to clarify the current section 5.3? They are reproduced
below:
From John :
CMS (sec 5.3 and 5.4) already requires two separate hash calculations
when authenticated attributes are used. First, the content is hashed
and the resulting hash value is included in the messageDigest
authenticated attribute. Then the DER-encoded authenticatedAttributes
are hashed. The signature value is generated from the resulting hash
value.
From Jim :
The message is hashed and then the message hash is included in the
authenticated attributes as a new attribute. The authenticated
attributes are then hashed and this is the value that is actually
signed.
The only requirement is that the same hash function be applied to both
sets of data to be hashed (not an onerous requirement as you should
only use hash functions that you think are good anyway).
Denis
--
Denis Pinkas Bull S.A.
mailto:Denis(_dot_)Pinkas(_at_)bull(_dot_)net
Rue Jean Jaures B.P. 68 Phone : 33 - 1 30 80 34 87
78340 Les Clayes sous Bois. FRANCE Fax : 33 - 1 30 80 33 21
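
The two hash calculations described by John and Jim above, as an added example that is not part of the original message or of the CMS text. It is stdlib-only Python with a minimal DER encoder; the function names, the sample inputs and the SHA-256 default are assumptions, and the signature operation over the returned digest is left out.

```python
import hashlib

CONTENT_TYPE = "1.2.840.113549.1.9.3"    # id-contentType
MESSAGE_DIGEST = "1.2.840.113549.1.9.4"  # id-messageDigest
ID_DATA = "1.2.840.113549.1.7.1"         # id-data

def der(tag, body):
    """Encode one DER TLV with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def oid(dotted):
    """Encode an OBJECT IDENTIFIER given in dotted form."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        body += bytes(reversed(chunk))
    return der(0x06, bytes(body))

def attribute(type_oid, value_der):
    """Attribute ::= SEQUENCE { attrType OID, attrValues SET OF value }."""
    return der(0x30, oid(type_oid) + der(0x31, value_der))

def authenticated_attributes(content, hash_name, extra=()):
    """First hash: digest the content and carry it in messageDigest."""
    content_hash = hashlib.new(hash_name, content).digest()
    attrs = [attribute(CONTENT_TYPE, oid(ID_DATA)),
             attribute(MESSAGE_DIGEST, der(0x04, content_hash)), *extra]
    # DER SET OF: members are sorted by their encodings; the digest is
    # taken over this SET OF (tag 0x31) encoding of the attributes.
    return der(0x31, b"".join(sorted(attrs)))

def value_to_sign(content, hash_name="sha256", extra=()):
    """Second hash, same function: digest the DER-encoded attributes."""
    encoded = authenticated_attributes(content, hash_name, extra)
    return hashlib.new(hash_name, encoded).digest()
```

Because the signature is computed over the attribute encoding, any additional authenticated attribute passed in `extra` changes the signed value even when the content, and therefore the messageDigest value, is unchanged.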