ietf-smime

RE: 'Signature Purpose' attribute?

1998-03-20 12:55:47
From: Trevor Freeman <trevorf(_at_)microsoft(_dot_)com>

I am still unclear what this is really trying to solve.
It truly sounds like it is trying to do simple workflow.

Workflow is specifically *not* a goal of the proposal; as you
suggest, that may be accomplished by appropriate structuring of
signature layers.

The sole goal of signaturePurpose is to limit the use to which a
signature may be put, to prevent signed data which has been created
in one context from being misused in another.  A verifier will accept
a signature for n different purposes, based on what the verifier trusts
the CA to certify, and reduced by whatever the CA does not enable in
the particular certificate used to verify the signature.  However,
the signer may wish to limit the signature even further, on a
per-signature basis.

Example: a user has a cert with the non-repudiation keyUsage bit set,
which he normally uses to sign S/MIME messages.  However, he also uses
the key associated with that cert to sign files on his hard drive to
prevent tampering.  One of the files happens to be a working draft,
or something picked up off a mail list with which he totally disagrees.
Without some mechanism to distinguish signature purposes, the integrity
signature may be mistaken for an originator signature, causing the poor
user acute embarrassment or worse :-).

The user could of course use different certificates with different keys
for different purposes, but as we have seen, users want to use a single
certificate for multiple purposes, and some misguided souls even want
to use the same key in multiple certificates :-).


As a matter of principle, I do not see that this kind of extension should be
part of the base CMS specification. I would far prefer we get CMS finished,
then we add new functionality by new standards as we are doing with ESS.

The signaturePurpose attribute was originally proposed for CMS, so
that's where the discussion has followed.  But as you imply, it really
belongs in ESS.  The charter has ESS trailing CMS by a month; I assume
that still holds even though CMS has slipped by three months.
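The verifier logic described earlier in this message (purposes the verifier trusts the CA to certify, reduced by what the CA enabled in the certificate, reduced again by the signer's per-signature purpose), worked through as an added example that is not part of the original post or of CMS/ESS; the purpose labels, the CA_POLICY table and the treatment of an absent attribute are assumptions of the model:

```python
from dataclasses import dataclass, field

# Purpose labels are constructed for this model; the list discussion
# defines no such names.
ORIGINATOR = "originator"   # signer vouches for the content as author
INTEGRITY = "integrity"     # signer only asserts the file is untampered

@dataclass
class Certificate:
    issuer: str
    key_usage: frozenset    # keyUsage bits the CA enabled in this cert

@dataclass
class SignerInfo:
    cert: Certificate
    # Only signed attributes are covered by the signature, so the purpose
    # is honoured only from here (an unsigned one could be stripped).
    signed_attrs: dict = field(default_factory=dict)

# Hypothetical local policy: per trusted CA, which purposes the verifier
# accepts for each keyUsage bit. Unknown CAs get nothing.
CA_POLICY = {
    "Example CA": {
        "nonRepudiation": {ORIGINATOR, INTEGRITY},
        "digitalSignature": {INTEGRITY},
    },
}

def accepted_purposes(si: SignerInfo) -> frozenset:
    """Purposes this signature may be accepted for: what the verifier
    trusts the CA to certify, reduced by what the CA enabled in the cert,
    reduced again by the signer's signaturePurpose attribute. An absent
    attribute means no further restriction (an assumption of this model)."""
    policy = CA_POLICY.get(si.cert.issuer, {})
    from_cert = set()
    for bit in si.cert.key_usage:
        from_cert |= policy.get(bit, set())
    purpose = si.signed_attrs.get("signaturePurpose")
    if purpose is None:
        return frozenset(from_cert)
    return frozenset(from_cert & set(purpose))

def accept_as(si: SignerInfo, purpose: str) -> bool:
    """True if the verifier may treat this signature as serving `purpose`."""
    return purpose in accepted_purposes(si)

if __name__ == "__main__":
    cert = Certificate("Example CA", frozenset({"nonRepudiation"}))
    draft = SignerInfo(cert, {"signaturePurpose": {INTEGRITY}})
    print(accept_as(draft, INTEGRITY), accept_as(draft, ORIGINATOR))  # True False
```

The draft file from the message is the `draft` case: its integrity signature verifies as such but is refused as an originator signature, even though the same certificate and key would pass for an S/MIME message carrying no purpose attribute.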